Re: MS Anti Virus?

[Valdis.Kletnieks () vt edu]

On Fri, 18 Jun 2004 06:30:55 +1200, Nick FitzGerald <nick () virus-l demon co uk>  said:
> Valdis.Kletnieks () vt edu wrote:
>
> > Naah.. They'd never use an undocumented API to benefit their product at the
> > expense of the competition, would they? ;)
>
> In this case, no.
>
> Given that a lot of AV technical work is reverse engineering and that 
> most of the best AV reversers are not among those MS "acquired" from 
> RAV or who have joined MS from other AV developers subsequently (not 
> that they haven't got some very good reversers, just there are still an 
> awful ot of them elsewhere), I doubt even MS is stupid enough to 
> consider trying something like this.

You're forgetting that in this case, technical excellence fall behind marketing
and treachery in importance....

You don't think that the MS reverse engineers couldn't do better, if they had
an API that would tell them the exact footprints associated with a known
vulnerability?  :)

Remember that the BugBear virus used an undocumented API to snarf
all the passwords: http://www.extremetech.com/article2/0,3973,582176,00.asp

You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?

Now consider all the cases where Microsoft has shipped a half-working patch
that closes some cases but not others - could that be a case of "we intentionally
shipped half the patch because we're going to let our AV software in on the secret
sauce so it can install the OTHER half of the patch"?  :)

Attachment: _bin
Description: