Re: Show me the Virii! (Pyrrhic heuristic)

["starlabs" <ashipp () messagelabs com>]

> From: "Feher Tamas" <etomcat () freemail hu>
>
> Anti-Virus heuristics' job is not to catch unknown viruses, but to 
> measure the amount of lazy factor in virus authors' blood.
>
> The fully functional trial versions (usually 30-day limited) of all anti-virus 
> packages by all vendors is available on the Web. You just download it, 
> no hassle, anonimously. Obviously, AV companies need to sell their 
> products and free trial versions are an effective way of convincing the 
> would-be customers of the software's merits.

> But there is a side effect: virus writers can also test their new creations 
> in-house, for free. [snip]

This is a good point, but is not the full picture. I know of at least four
companies offering virus scanning as an outsourced service, who use 
their own scanners. These are not available to the virus writer offline, 
and therefore it is much harder to get viruses past them. 

> I think heuristics has a limited future in the AV field... 

I guess I better start looking for a new job then :-)

Regards,

Alex

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html