This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: anybody else also infected


At 10:31 AM 2/14/2002, David Starks-Browning wrote:
>On Thursday 14 Feb 02, Peter Buckley writes:
> > I agree about the healthy skepticism- this was obviously a false 
> > positive from the very start, but I don't think the faq addresses this 
> > type of false positive.
>
>Addressing virus alerts in the FAQ has always been a dilemma for me.
>I do not like to give the advice "disable your antivirus software" or
>"turn off checking for C:\cygwin".  It seems to me that such action
>could be exploited.


Right.  I don't think it's good practice for us to recommend that.  NAV
has the ability to list things that should be excluded skipped.  I 
suppose we could suggest that, although I don't know if this is a common
feature and it still has some risks, though I think it's reasonable.  
Certainly it's the option that one must use if one finds a confirmed false
positive if one doesn't want to be annoyed by the repeated complaints 
until the virus vendor can provide an update (assuming that the virus
software can't "cure" the virus).  In that respect, I personally have no
problems with suggesting that as an option in this case.


>Should the FAQ say something like "do not bother the list with virus
>alerts unless you have independently verified that it is not a false
>positive"?  This would apply to all Cygwin software, package archives,
>DLLs, ...


IMO, absolutely!


>There was a special problem with Cygwin Setup because NAI/McAfee would
>hang the system when opening tar.gz archives.  Maybe this is not a
>problem anymore, and can be removed from the FAQ.  Or the advice could
>be simplified to be "update your antivirus software or replace it with
>another vendor's product".  Of course not everyone can do that, but
>that's not our problem.


I guess this one could be debatable.  I have no firm stance.  I guess 
without any additional data to indicate that this FAQ is no longer 
relevant, leave it to be safe.



Larry Hall                              lhall@rfk.com
RFK Partners, Inc.                      http://www.rfk.com
838 Washington Street                   (508) 893-9779 - RFK Office
Holliston, MA 01746                     (508) 893-9889 - FAX


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]