funsec mailing list archives
Re: standards status in the industry - opinion?
From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 00:10:08 +0000 (GMT)
On Sun, 8 Jan 2006, Gadi Evron wrote:
I agree 100%. Purely signature-based scanning that proved able to detect all the WMF exploits out there would produce scores of FPs. It's yet another example of why sig scanning is broken. When I said we were setting our standards too low on AV, I didn't mean that I wanted the AVers to just produce better sigs. Better technology is one of the things AV needs as well. We've set our standards *FAR* too low there, and are still allowing AVers to ram this terrible, decades-old technology down our throats.I disagree on a part of what you say. If AV-ers could make better detection, they would. They are no slackers. The fact that the marketing part of the business keeps sticking that same solution down our throats is indeed the truth, and it is no longer adequate and research should proceed in other fields as well. Our industry likes old and stable though. It fits well in budget requests.
I can tell you that in 1988, signature-based scanning was not "old and stable". A replacement for this is possible, and I think I can even see how to do it. But it's someone else's turn to implement it. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: standards status in the industry - opinion?, (continued)
- Re: standards status in the industry - opinion? Matthew Murphy (Jan 07)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Matthew Murphy (Jan 07)
- Re: standards status in the industry - opinion? Gadi Evron (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Florian Weimer (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Drsolly (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 07)
- Re: standards status in the industry - opinion? Blue Boar (Jan 07)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- Re: standards status in the industry - opinion? Drsolly (Jan 08)
- Re: standards status in the industry - opinion? Blue Boar (Jan 08)
- RE: standards status in the industry - opinion? Stephen Villano (Jan 08)
- RE: standards status in the industry - opinion? Drsolly (Jan 08)
- RE: standards status in the industry - opinion? Nick FitzGerald (Jan 08)
- Re: standards status in the industry - opinion? Nick FitzGerald (Jan 08)