Firewall Wizards mailing list archives

RE: Adobe put Trojan horse in Acrobat.


From: Bret McDanel <bret () rehost com>
Date: Thu, 8 Apr 1999 10:21:16 -0400

---Reply on mail from Stout, Bill about Adobe put Trojan horse in Acrobat.


No worries.  

McAfee definition file 4.0.4017 reports netbus, 4.0.4019 does not.  Adobe
says that this is a false positive, and has caused some [unmonitored by
Adobe] list hysteria.  The Acrobat 4.0 beta release was tested with
4.0.4014, which reported Acrobat 4.0 beta clear of viruses.
Bill Stout


I think this shows the reasons for good research before claims are made as
fact..  The original post indicated to me (I may have misread however)
that it was confirmed that it was there, and it seemed to indicate that
Adobe confirmed it being there by the 'no one has reported any problems'
comment..  

Now it seems that it was due to a false positive in scanning software,
which I don't recall that scanning software being named as what discovered
NetBus in the first place..

Anyway, this also goes to show that you cannot rely alone on pattern
matching..  If you do, you run the risk of such potential false positives,
or the risk of missing real stuff altogether..

This is why you need to monitor (at least in part) for actions that a
program/whatever does, and not only rely on patterns..  However this
statement may start a holy war on which is the better way to detect stuff
like viruses, and the like, and I don't want to get into that, so if you
don't agree with my *opinion* please don't clog the list saying so :)

-- 
Bret McDanel                                    http://www.rehost.com
Realistic Technologies, Inc.                             973-514-1144

     These opinions are mine, and may not be the same as my employer
