Re: AV Naming Convention

[Jan Muenther <jan.muenther () nruns com>]

Hey there,

> Oh, I am not unhappy with AV companies at all. They do their job and most do
> it very well and very fast. But there are programs that aren't detectable by
> any AV programs. I have one sitting on my desktop; I received it in the
> e-mail weeks ago. I send it in as a sample and heard nothing. Why? Because
> it isn't running thru the news and in everyone's e-mail. The largest threats
> should be taken care of first, given. But should the public not be informed
> about things like this. Where is the protection?

While I understand your point, you must also understand that AV vendors need
to focus whatever manpower they have at hand on the more immanent threats to
the biggest part of their userbase. 

If you just execute everything that you can get a hold of on your box, don't
cry for your AV vendor. It's your own fault, basta la pasta.
Besides, their reactivity really depends on the AV vendor, at least according
to my experience. 

> Some people question sig-based scanning and I understand their point. We
> need to help the AV companies think outside the box and create new ways of
> detection and prevention. We are the community help them. 

Erm. AV detection goes a little bit beyond simple pattern matching nowadays. 

If you ask me, it's far more important to tell people it's just not a good idea
to run everything and the kitchen sink with Administrator/root rights, even
if you have AV software running with recent signatures. 

Like in a car, you can have excellent security measures, such as airbags and 
seat belts, but in the end, it's you who's at the wheel. 

cheers, J.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html