Full Disclosure mailing list archives
RE: AV Naming Convention
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 10 Aug 2004 13:27:03 -0500
I wouldn't be in my position, if I ran everything that was sent me. Home users need to be educated, but that is a whole different issue.

The Trojan on my desktop was broken down by me and a friend that is a security researcher. It is a Trojan used by SPAM groups. It isn't a mass-mailer. I am going to write an article about how I received it and the partial code analysis.

But the point I want to make is that things need to change. We can throw off all talks about it now (and some of you look like you want to) or we can try to find ways to advance the field. We are the customers and we direct where the time and money is spent indirectly.

-----Original Message-----
From: Jan Muenther [mailto:jan.muenther () nruns com]
Sent: Tuesday, August 10, 2004 1:14 PM
To: Todd Towles
Cc: Glenn_Everhart () bankone com; todd () hostopia com; frank () knobbe us; full-disclosure () netsys com
Subject: Re: [Full-disclosure] AV Naming Convention

Hey there,

> Oh, I am not unhappy with AV companies at all. They do their job and most do
> it very well and very fast. But there are programs that aren't detectable by
> any AV programs. I have one sitting on my desktop; I received it in the
> e-mail weeks ago. I sent it in as a sample and heard nothing. Why? Because it
> isn't running thru the news and in everyone's e-mail. The largest threats
> should be taken care of first, given. But should the public not be informed
> about things like this? Where is the protection?

While I understand your point, you must also understand that AV vendors need to focus whatever manpower they have at hand on the more imminent threats to the biggest part of their userbase. If you just execute everything that you can get a hold of on your box, don't cry for your AV vendor. It's your own fault, basta la pasta. Besides, their reactivity really depends on the AV vendor, at least according to my experience.

> Some people question sig-based scanning and I understand their point. We
> need to help the AV companies think outside the box and create new ways of
> detection and prevention. We are the community help them.

Erm. AV detection goes a little bit beyond simple pattern matching nowadays. If you ask me, it's far more important to tell people it's just not a good idea to run everything and the kitchen sink with Administrator/root rights, even if you have AV software running with recent signatures. Like in a car, you can have excellent security measures, such as airbags and seat belts, but in the end, it's you who's at the wheel.

cheers, J.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html