funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: standards status in the industry - opinion?

From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 00:08:06 +0000 (GMT)
On Sat, 7 Jan 2006, Matthew Murphy wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Gadi Evron wrote:

Well, about the AV I tend to disagree. I believe the AV simply isn't
adequate to deal with these sort of threats anymore.


I agree 100%.  Purely signature-based scanning that proved able to
detect all the WMF exploits out there would produce scores of FPs.  It's
yet another example of why sig scanning is broken.

When I said we were setting our standards too low on AV, I didn't mean
that I wanted the AVers to just produce better sigs.  Better technology
is one of the things AV needs as well.  We've set our standards *FAR*
too low there, and are still allowing AVers to ram this terrible,
decades-old technology down our throats.

 
Every problem is an opportunity in disguise. I agree, something better 
than signature scanning is needed, but I'm not going to go for this one, 
so get programming!

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: