Dailydave mailing list archives

Re: The Anti-Virus/IDS fantasy world


From: "Nathan Landon" <nathan.landon () digitaloperatives com>
Date: Fri, 15 Jun 2007 09:03:21 -0400

Antivirus is so 1999!  I'd be incredibly surprised to see if half of the
people on this list actually pay for Antivirus for their client machines and
believe that it somehow protects them from being infected at a cost benefit
to the resource utilization of modern antivirus software.  If somebody tells
me that they are having issues with their system being too slow, 9 times
out of 10 it is because the AV software is abusing its right to be on the
system.

Antivirus is like homeowners insurance, it makes you feel better about the
"what ifs," but doesn't protect you from the Hurricane Katrinas.

On 6/10/07, toby <toby00 () gmail com> wrote:

I would suggest you are talking about different people.
The malware analysts at any AV company probably dig through more malware
samples than you do on a regular basis. They are likely talking about the
average quality of code they get.
You (I suspect) are talking more about the ability to write good, subtle
malware.

Underestimating your opponents is a fatal mistake either way. The best
malware analysts I know are well aware of the skills of the authors.
Likewise so are the authors I know aware of the skills of the analysts.

t

 On 6/9/07, Dave Aitel <dave.aitel () gmail com> wrote:

> The weblog snippet below shows the attitude I love about the anti-virus
> and IDS companies. The "I'm better than you both technically and morally"
> fantasy they live in is quite amazing. It's like when people derisively say
> "script kiddie" and 100% of the time they mean "someone who's way better at
> security than I'll ever be". The reality is that writing malware is
> incredibly hard, and the people who do it are amazingly talented.
>
> http://www.sophos.com/security/blog/2007/05/120.html
>
> """
>
> The fact is, whatever the motivation, writing malware is not 'clever',
> on the whole it's not even particularly difficult. Although this particular
> author seems to have trouble because the sample we received didn't work.
>
> It takes a lot more skill to identify and remove malware, but in this
> case, even that wasn't difficult. So my message to the author is, don't
> bother, get a real job, but don't bother applying to join SophosLabs. In
> fact judging by the poor quality of what was submitted, I would recommend a
> completely different career.
>
> Update 4th June - If anyone other than malware authors want to join
> SophosLabs, we're recruiting <http://www.sophos.com/companyinfo/careers/uk/822857832455.html>
>
> Mark Harris - Director of SophosLabs
> """
>
>
> -dave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>

--
Nathan Landon
Digital Operatives
www.digitaloperatives.com
Phone: 808-221-9172