Comments on: Symantec: It Was The Computers Fault http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/ Bringing Fire To The Village: Your Source For Computer, Network & Information Security News from Dave Lewis, Security Blogger Sat, 22 Nov 2008 03:28:52 +0000 http://wordpress.org/?v=2.6.3 By: kurt wismer http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36476 kurt wismer Tue, 22 May 2007 14:52:36 +0000 http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36476 i've been thinking about this subject a bit and it's reminded me of how quality control often works in manufacturing... there too one often deals with largely automated systems and manual inspection of each and every widget is often not feasible so instead they sample a percentage of the output at regular intervals... i have no idea if anti-virus companies in general or symantec in particular do anything similar (or even if it's cost effective for them to do so, it really depends on how frequently errors occur) but i think this approach is the only reasonable approach they could take to quality control on the output of their automated analysis/signature generation technology, and it wouldn't have necessarily prevented what has occurred... so yeah, shit happens is pretty much what i think this boils down to... i’ve been thinking about this subject a bit and it’s reminded me of how quality control often works in manufacturing… there too one often deals with largely automated systems and manual inspection of each and every widget is often not feasible so instead they sample a percentage of the output at regular intervals…

i have no idea if anti-virus companies in general or symantec in particular do anything similar (or even if it’s cost effective for them to do so, it really depends on how frequently errors occur) but i think this approach is the only reasonable approach they could take to quality control on the output of their automated analysis/signature generation technology, and it wouldn’t have necessarily prevented what has occurred… so yeah, shit happens is pretty much what i think this boils down to…

]]> By: Dave Lewis http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36462 Dave Lewis Tue, 22 May 2007 11:11:41 +0000 http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36462 I'll take monumental tasks for $200 Alex. Yes, I can well imagine the enormity of the task that AV vendors have before them. A rather unenviable position to be in to say the least. Then again I would doubt that the affected users in China would have much in the way of sympathy. I believe the age old adage, shit happens, would be best placed in the conversation at this point, no? Thanks for the comment Kurt. I appreciate it when people take the time to comment. All of the lurkers might want to weigh in at some point... I’ll take monumental tasks for $200 Alex.

Yes, I can well imagine the enormity of the task that AV vendors have before them. A rather unenviable position to be in to say the least. Then again I would doubt that the affected users in China would have much in the way of sympathy. I believe the age old adage, shit happens, would be best placed in the conversation at this point, no?

Thanks for the comment Kurt. I appreciate it when people take the time to comment. All of the lurkers might want to weigh in at some point…

]]> By: kurt wismer http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36427 kurt wismer Tue, 22 May 2007 03:13:32 +0000 http://www.liquidmatrix.org/blog/2007/05/21/symantec-it-was-the-computers-fault/#comment-36427 while it's all well and good to say that humans should validate the outputs from automated processes, considering the particulars of this instance (the complexity, the time requirements, the throughput, etc) would you care to guess at how that would work in practice? while it’s all well and good to say that humans should validate the outputs from automated processes, considering the particulars of this instance (the complexity, the time requirements, the throughput, etc) would you care to guess at how that would work in practice?

]]>