Re: DefCon 'Race to Zero'

["'Rich Kulawiec'" <rsk () gsp org>]

On Mon, Apr 28, 2008 at 02:09:02AM -0500, Joel R. Helgeson wrote:
> Sorry, there is a lot to be learned by getting inside the mind of a hacker
> and building software to defeat AV Packages. 

I'll agree that this is an interesting intellectual exercise that has
the potential to teach those engaging in it some valuable lessons about
virus and antivirus and antiantivirus software.

However, my approach to this is to declare that any operating system which
can't survive in the wild without antivirus software is broken-on-release
and thus somewhere between "suboptimal" and "unacceptable" for use,
depending on how susceptible it is.  One of the things about IT security
which continues to amaze and disappoint me simultaneously is that a huge
number of people have come to accept that it's "routine" for systems to
be succesfully attacked by viruses.  No offense to Fergie, who I have
tremendous respect for on multiple levels, but the existence of the
entire antivirus industry is a testament to the persuasive power of
marketing and a prima facie  indicator of abysmally poor operating
system security.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.