funsec mailing list archives

Re: The wildlist


From: "David Harley" <david.a.harley () gmail com>
Date: Tue, 3 Jun 2008 11:38:08 +0100

> Every AV company had, as target, to detect *all* viruses,
> irrespective of whether it was known to be in the wild or
> not. The wildlist was mostly of use to consumers to help them
> avoid poor AV products.

Actually, it has virtually no direct relevance to consumers nowadays. Most
of the names listed mean nothing unless you have access to the reference
collection on which they're based. 

The collection still has some (limited) use because it's validated, and
because it tells you something about a tested product's positioning inside
the industry. A bigger collection tells you something different, if you have
trust in a tester/collection maintainer's (usually unspecified) validation
methodology. 
 
> > Instead of stabbing each other in the back to make a buck, the AV
> > companies
>
> I don't think we ever did that. Actually, there was quite a
> lot of cooperation between the techies (and I guess there still is).

Of course there is. You can't judge an AV company -entirely- by its press
releases. ;-)

> No, we were extracting money from people who had, mostly,
> already had an encounter with a virus, and didn't want another one.

Actually, customers bear part of the responsibility for the survival of the
sig subscription model, despite its serious limitations. They like the
(near-)certainty of exact-ish identification, and want it all the time, even
though it can't offer anything like 100% detection of all threats. When
Krebs rubbishes generic detection, what he really means is that it's no use
because it isn't exact ID. Like his audience, he wants exact ID before the
fact, irrespective of whether it's actually feasible...

--
David Harley

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

