Full Disclosure mailing list archives
Re: Securing our computers?
From: Valdis.Kletnieks () vt edu
Date: Mon, 03 Nov 2008 09:46:09 -0500
On Mon, 03 Nov 2008 09:05:45 EST, "Memisyazici, Aras" said:
* cost of maintaining a team of clued -IT prof.'s who will create/update a central db of sig's on extreme hardware by cooperating with other vendors who will deliberately shoot down attempts b/c such a product will drive down their sales (not everyone cares for the greater good, in today's greedy society)
Actually Russ - you're not quite right on this one. Down in the trenches, the various A/V techies *do* cooperate across company boundaries an awful lot - although actual signatures aren't much use to exchange because the engines that interpret them are proprietary and dissimilar, samples get exchanged *all* the time (where do you *think* all those samples that get sent to virustotal.com go? :), and hints/suggestions of what they've managed to RE of the sample's structure and behavior - "Hey, it's using the WizBang packer, and you probably wanna look at this registry entry, and...." Think for a moment: how come Symantec can release a pattern only 3 hours after they see the first sample - and they already know what their competitors are calling the critter?
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Securing our computers?, (continued)
- Re: Securing our computers? Paul Ferguson (Nov 03)
- Re: Securing our computers? Valdis . Kletnieks (Nov 02)
- Re: Securing our computers? n3td3v (Nov 03)
- Re: Securing our computers? mcwidget (Nov 03)
- Re: Securing our computers? Valdis . Kletnieks (Nov 03)
- Re: Securing our computers? mcwidget (Nov 03)
- Re: Securing our computers? Pavel Labushev (Nov 03)
- Re: Securing our computers? Simon Richter (Nov 03)
- Re: Securing our computers? Valdis . Kletnieks (Nov 03)
- Re: Securing our computers? Memisyazici, Aras (Nov 03)
- Re: Securing our computers? Valdis . Kletnieks (Nov 03)
- Re: Securing our computers? mcwidget (Nov 03)
- Re: Securing our computers? Elazar Broad (Nov 03)
- Re: Securing our computers? Michael Boman (Nov 03)
- Re: Securing our computers? Anders Klixbull (Nov 04)
- Re: Securing our computers? Michael Boman (Nov 03)
- Re: Securing our computers? Elazar Broad (Nov 04)