funsec mailing list archives
Re: DefCon 'Race to Zero'
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 28 Apr 2008 22:37:04 +1200
Toralv_Dirro () mcafee com wrote:
Now there is a very common misconception if it comes to malware and security. Viruses and Trojans don't try to exploit any vulnerabilities that need to be fixed, they simply take advantage of features offered by the OS (modifying files, creating files, establishing connections to some C&C etc.). AV software is basically looking for all known malware and is trying to detect new (i.e. unknown) malware based on behaviour or similarities to known malware. Anything that can be learned from such a contest has already been shown back in the early 90s. The contest may provide some interesting insights if it were up against behaviour-based protection and HIPS actively running on a system, but against a bunch of commandline-AV-scanners? C'mon...
Why ruin a perfectly pointless skiddie piddling match by introducing a few pertinent facts? You Germans have no sense of humour...

Regards,
Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.