Dailydave mailing list archives
Re: Security FAIL.
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 05 Apr 2008 23:05:28 +0200
* Dave Aitel:
> http://blogs.the451group.com/security/?p=16
>
> The 451 Group has an interesting article on the FAIL that is the AV industry right now. I like the last paragraph especially where they reference the "illusion of competence". As they note, having a better metric to test the AV industry (like number of people with it installed who get owned by malware) would largely benefit consumers as a whole. I wouldn't look for anything here soon.

There is a general insistence in the AV industry to test only malware which is a few weeks old. In testing, you also get sort-of competitive performance with MD5-based checking, even if the malware in question is made MD5-unique before actual deployment.

I'm not sure if it's a problem for the AV companies, though. Their brands are quite strong, and the policies that guarantee them a steady revenue stream are well-enshrined industry-wide. Certainly it's not going to affect them in the current CEO cycle, and that's why they aren't dealing with it aggressively.

But I agree that we're heading towards a profound change in technology and business models.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave