Re: Securing our computers?

[Valdis.Kletnieks () vt edu]

On Mon, 03 Nov 2008 09:05:45 EST, "Memisyazici, Aras" said:

> * cost of maintaining a team of clued -IT prof.'s who will create/update a
> central db of sig's on extreme hardware by cooperating with other vendors who
> will deliberately shoot down attempts b/c such a product will drive down their
> sales (not everyone cares for the greater good, in today's greedy society)

Actually Russ - you're not quite right on this one.  Down in the trenches,
the various A/V techies *do* cooperate across company boundaries an awful
lot - although actual signatures aren't much use to exchange because the
engines that interpret them are proprietary and dissimilar, samples get
exchanged *all* the time (where do you *think* all those samples that get
sent to virustotal.com go? :), and hints/suggestions of what they've managed
to RE of the sample's structure and behavior - "Hey, it's using the WizBang
packer, and you probably wanna look at this registry entry, and...."

Think for a moment: how come Symantec can release a pattern only 3 hours
after they see the first sample - and they already know what their competitors
are calling the critter?

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/