funsec mailing list archives
Re: The wildlist
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 3 Jun 2008 01:16:45 +0100 (BST)
On Mon, 2 Jun 2008, Bruce Ediger wrote:
Apparently from: http://www.eweek.com/c/a/Security/The-AntiMalware-Certification-Problem/
...In fact, insiders in the anti-virus industry, especially vendors, are widely derisive of the WildList, looking on it as an outdated burden on their development. The malware in it is outdated and not representative of the true threats facing users.
Wait, the "wild" list does not represent the true threats facing users in the real wild? Why not? It's the "wild" list, right? Given the amount of footdragging that led up to the "wildlist" shouldn't the users get a replacement before it goes away? I mean, really, the AV people would have made more progress early on if they'd had something like the "wildlist" wouldn't they?
No. Every AV company had, as target, to detect *all* viruses, irrespective of whether it was known to be in the wild or not. The wildlist was mostly of use to consumers to help them avoid poor AV products.
Back in the days when boot-sector viruses like Brain were the main threat, getting an idea of the geographic dispersion would have helped the AV folks to decide what the methods of propagation were, right?
No. Because we already knew. You leave an infected data disk in drive A when you boot up.
Local outbreaks might mean sharing MS-DOS boot disks. International simultaneous outbreaks might mean "BBS" distribution, or someone typed in a virus from Burger's or Ludwig's books.
The viruses from Burger's book were very poor replicators. Only Vienna was seen at all in the wild, and that not very often. This is because it wasn't a memory-resident replicator. The other Burger viruses were even worse.
Instead of stabbing each other in the back to make a buck, the AV companies
I don't think we ever did that. Actually, there was quite a lot of cooperation between the techies (and I guess there still is).
could have put together something that would have helped everyone, instead of merely extracting money from the pockets of the most fearful and superstitious.
No, we were extracting money from people who had, mostly, already had an encounter with a virus, and didn't want another one.
But I guess that wouldn't have been as much fun as telling people to "Practice Safe Hex" or some other dumb catchphrase. They should have told people to run linux, or netbsd or OS-9 or NeXTStep. That would have helped more than "Safe Hex".
Telling people to "Practise safe Hex" was, I agree, pretty useless. Telling people to switch their operating system (or change their computing platform), and change all their application software, would have been even more useless.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.