Re: Security FAIL.

["Kurt Baumgartner" <kbaumgartner () pctools com>]

> There is a general insistence in the AV industry to test only malware
> which is a few weeks old.

Not true. Often, samples that the vendors miss are months old. It's very
unfortunate that the misses occur even against sets from the "Wild
List".
The AV vendors, testers, journalists, academics, and other security
players are working on it this year -- www.amtso.org.

> I'm not sure if it's a problem for the AV companies, though.  Their
> brands are quite strong, and the policies that guarantee them a steady
> revenue stream are well-enshrined industry-wide.  Certainly it's not
> going to affect them in the current CEO cycle, and that's why they
> aren't dealing with it aggressively.  

May be true for some, but not true for all AV companies. While there
hasn't been a seismic shift in the industry just yet, multiple AV
companies are very interested in improving effectiveness in their
products and acting on it (Microsoft included). 

> we're heading towards a profound change in technology and business
models.

It's about time.


Kurt
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave