Re: [Full-disclosure] Anti-Virus vendors prove less-effective

["David Kierznowski" <david.kierznowski () gmail com>]

James, this is the problem with AV in general and not specific to this problem.

detecting the problem & defense in depth mitigates zero-day, however,
when very basic code gets past AV this is definitely an area that
needs work.

24/04/07, James Matthews <nytrokiss () gmail com> wrote:
> How can these people put out a good product against scripts where you can
> change anything and it will still work!
>
> On 4/24/07, David Kierznowski <david.kierznowski () gmail com> wrote:
> >
> > Web Backdoor Compilation along with  Dancho Danchev AV research has proven
> > how less-effective many of these products are when detecting web malware.
> >
> > The results are certainly not a shocker but definately an eye opener. WBC
> > has certainly demonstrated what all security researchers already know,
> this
> > area needs work!
> >
> > See: http://michaeldaw.org/news/news-042407/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> http://www.goldwatches.com/watches.asp?Brand=39
> http://www.wazoozle.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional XSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------