funsec mailing list archives
Re: DefCon 'Race to Zero'
From: <Toralv_Dirro () McAfee com>
Date: Mon, 28 Apr 2008 10:15:22 +0100
Sorry, there is a lot to be learned by getting inside the mind of a hacker and building software to defeat AV Packages. If you cannot see this then you don't belong in the security industry. As a security expert, you make security better by constantly thinking of new ways to violate it. If everything the enemy can think of catches you totally off guard, I think you need to get a new job, find a new career, either voluntarily or after you get fired.
Now there is a very common misconception when it comes to malware and security. Viruses and Trojans don't try to exploit any vulnerabilities that need to be fixed; they simply take advantage of features offered by the OS (modifying files, creating files, establishing connections to some C&C, etc.). AV software is basically looking for all known malware and is trying to detect new (i.e. unknown) malware based on behaviour or similarities to known malware. Anything that can be learned from such a contest has already been shown back in the early 90s. The contest may provide some interesting insights if it were up against behaviour-based protection and HIPS actively running on a system, but against a bunch of commandline AV scanners? C'mon...

cheers,
Toralv

Registered office: Muenchen
District court: AG Muenchen
Commercial register: HRB 144340
Managing directors: Eric F. Brown, Anthony E. Ruiseal
Bank details: ABN-Amro Bank N.V., account 671 211 9006
VAT ID: DE168122444
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
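The distinction the post draws, static signature matching versus behaviour-based detection, in a small worked example. This is an added illustration, not code from the funsec thread, from the Race to Zero contest, or from any AV product: the signature names, the "sample" bytes, the single-byte XOR packer and the event trace are all constructed here. It shows why a trivial re-encoding of the same payload empties the static scanner's results while a crude behaviour rule set, which only sees what the code does at the OS level, scores the packed and unpacked variants identically.

```python
"""Toy static scanner vs. toy behaviour rules (constructed example)."""
import re

# Constructed signature database: byte patterns a command-line scanner
# would look for in a file. Names are made up for this example.
SIGNATURES = {
    "Constructed.Dropper.A": rb"cmd\.exe /c echo .* > c:\\windows\\svc\.bat",
    "Constructed.Bot.B": rb"POST /gate\.php",
}

# Constructed "binary": a fake header followed by the payload in the clear.
PLAIN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"cmd.exe /c echo hi > c:\\windows\\svc.bat"
    + b"\x00" * 4
    + b"POST /gate.php HTTP/1.1"
)


def scan_static(blob):
    """Return the names of every signature whose pattern occurs in the blob.
    This is all a plain file scanner has to go on."""
    return [name for name, pat in SIGNATURES.items() if re.search(pat, blob)]


def xor_pack(blob, key):
    """Trivial 'packer': a stub carrying the key, then the payload XORed
    with that key. Every byte a signature could match on is changed, while
    the behaviour after unpacking is untouched. (Constructed format.)"""
    if not 0 < key < 256:
        raise ValueError("key must be a non-zero byte")
    return b"STUB" + bytes([key]) + bytes(b ^ key for b in blob)


def xor_unpack(packed):
    """Inverse of xor_pack; what the stub would do at run time."""
    if not packed.startswith(b"STUB") or len(packed) < 5:
        raise ValueError("not a packed sample")
    key = packed[4]
    return bytes(b ^ key for b in packed[5:])


# Constructed OS-level event trace: the same trace results whether the
# sample ran packed or unpacked, because the actions are the same.
BEHAVIOUR_TRACE = [
    {"op": "file_write", "target": "C:\\Windows\\svc.bat"},
    {"op": "process_create", "target": "C:\\Windows\\System32\\cmd.exe"},
    {"op": "connect", "target": "198.51.100.7:80"},
]


def score_behaviour(trace):
    """Crude behaviour rules keyed on OS features being used (file writes,
    process creation, outbound connections), not on how the code is
    encoded. Returns (score, reasons)."""
    events = {(e["op"], e["target"].lower()) for e in trace}
    reasons = []
    if any(op == "file_write" and t.startswith("c:\\windows\\")
           for op, t in events):
        reasons.append("writes into the Windows directory")
    if any(op == "process_create" and t.endswith("cmd.exe")
           for op, t in events):
        reasons.append("spawns a command interpreter")
    if any(op == "connect" for op, _ in events):
        reasons.append("opens an outbound connection")
    return len(reasons), reasons


if __name__ == "__main__":
    packed = xor_pack(PLAIN_SAMPLE, 0x5A)
    print("static, plain :", scan_static(PLAIN_SAMPLE))
    print("static, packed:", scan_static(packed))
    print("behaviour     :", score_behaviour(BEHAVIOUR_TRACE))
```

Running the block prints two signature hits for the plain sample, none for the packed one, and a behaviour score of 3 with its reasons. The rules in `score_behaviour` are deliberately naive; real HIPS products weigh and correlate far more than this, but the point stands that they key on what the code does rather than on the bytes it is stored as.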
Current thread:
- DefCon 'Race to Zero' Paul Ferguson (Apr 25)
- Re: DefCon 'Race to Zero' Colin Keigher (Apr 25)
- Re: DefCon 'Race to Zero' Rich Kulawiec (Apr 25)
- Re: DefCon 'Race to Zero' Eduardo Tongson (Apr 25)
- <Possible follow-ups>
- Re: DefCon 'Race to Zero' Paul Ferguson (Apr 25)
- Re: DefCon 'Race to Zero' Colin Keigher (Apr 25)
- Re: DefCon 'Race to Zero' Paul Ferguson (Apr 25)
- Re: DefCon 'Race to Zero' B Potter (Apr 25)
- Re: DefCon 'Race to Zero' Rich Kulawiec (Apr 26)
- Re: DefCon 'Race to Zero' Joel R. Helgeson (Apr 28)
- Re: DefCon 'Race to Zero' Toralv_Dirro (Apr 28)
- Re: DefCon 'Race to Zero' Nick FitzGerald (Apr 28)
- Re: DefCon 'Race to Zero' Gadi Evron (Apr 28)
- Re: DefCon 'Race to Zero' Blue Boar (Apr 28)
- Re: DefCon 'Race to Zero' Nick FitzGerald (Apr 29)
- Re: DefCon 'Race to Zero' B Potter (Apr 25)
- Re: DefCon 'Race to Zero' Colin Keigher (Apr 25)
- Re: DefCon 'Race to Zero' 'Rich Kulawiec' (Apr 28)
- Re: DefCon 'Race to Zero' Gadi Evron (Apr 25)
- Re: DefCon 'Race to Zero' Gadi Evron (Apr 25)