funsec mailing list archives
Re: No AV? Shock, horror!
From: Paul Ferguson <fergdawgster () gmail com>
Date: Tue, 29 Sep 2009 00:29:56 -0700
On Tue, Sep 29, 2009 at 12:15 AM, Dan Kaminsky <dan () doxpara com> wrote:
We would agree: http://countermeasures.trendmicro.eu/in-security-reputation-is-key/

I guess the real question is this: How large is the long tail of viruses?

Suppose, if you will, that there are "hits" in the malware space -- individual pieces of malware that get spread all over. Suppose we grant that AV has a reasonably good chance of catching the hits. Suppose also that there's some infection rate, below which a particular attack vector or payload will not have a signature generated for it because nobody will find it. Infections by these rare payloads would constitute a sort of "long tail" of malware -- too rare for a signature, but in aggregate, possibly common enough to represent a significant number of infections.

But how common? I mean, we know the long tail doesn't work exactly as promised in the media space. We also know there's a lot of infected boxes out there running AV. It'd be really interesting if we had data around this question.
A good starting point would be taking a look at the Rogue AV landscape right now -- it's all over the place.

It is somewhat unique in this regard, because of the delivery methods being used (e.g. various botnets, social engineering ruses, etc.)

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.