Focus on Virus
Consumer Reports AV and their 5,500 new variants Aug 22 2006 03:48AM
Bill Stout (bill stout greenborder com) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Aug 22 2006 07:00PM
Bill Stout (bill stout greenborder com) (2 replies)
Re: Consumer Reports AV and their 5,500 new variants Sep 05 2006 05:24AM
Kurt Seifried (bt seifried org) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 08:01AM
Bill Stout (bill stout greenborder com) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 02:20PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 03:31PM
Roger A. Grimes (roger banneretcs com) (3 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 18 2006 04:50PM
Bill Stout (bill stout greenborder com)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 11:48PM
Nick FitzGerald (nick virus-l demon co uk)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 08:23PM
Bill Stout (bill stout greenborder com)
Hi Roger,

I didn't see your column on the state of AV protection, it's coming this
Friday?
http://www.infoworld.com/archives/t.jsp?N=c&V=Security%20Adviser&F=2002

Besides Paul's affirmation, I've received replies from other signers of
the letter that their ethics haven't changed. The old guard holds that
it's not OK to create malware, even within a closed environment.

We (I) have the challenge of testing a product which provides passive
protection without analysis or signatures or detection. I need to leak
test the 'software membrane' it creates between an application and the
OS (my description, not of the company). Therefore we have a desire to
throw as many possible variants of malware against it as we can get our
hands on, and a story like CR provides ammunition to the execs.

Bill Stout

-----Original Message-----
From: Roger A. Grimes [mailto:roger (at) banneretcs (dot) com [email concealed]]
Sent: Wednesday, September 06, 2006 8:31 AM
To: Paul Schmehl; Bill Stout; Kurt Seifried;
focus-virus (at) securityfocus (dot) com [email concealed]
Cc: rubin (at) jhu (dot) edu [email concealed]
Subject: RE: Consumer Reports AV and their 5,500 new variants

I've been doing AV for 20 years now, and supported this basic safety
tenet,
but the Consumer Reports' lab testing incident doesn't bother me.

It had a good AV expert behind the work, tested logical goals that can
only
be tested by creating new malware programs, and was kept controlled. If
it
wasn't done by a professional and if great care wasn't taken to make
sure
they didn't leak, I'd be bothered. But let's be honest, at this point,
the
malware problem is so bad, the AV vendors are so bad at detecting them,
and
so many variants are being created each day, that the original problem
of
something new leaking out, just isn't the priority it used to be.

If I worked for an AV vendor, I'd stop my complaining and get to work on
a
better product. The state of AV protection is as bad as it has ever
been.
I've been reading about the "death of antivirus scanners" for 20 years
now,
but for the first time I think their time is nearing the end, and I say
so
in my Friday column in InfoWorld.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes (at) infoworld (dot) com [email concealed] or roger (at) banneretcs (dot) com [email concealed]
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************

-----Original Message-----
From: Paul Schmehl [mailto:pauls (at) utdallas (dot) edu [email concealed]]
Sent: Wednesday, September 06, 2006 10:21 AM
To: Bill Stout; Kurt Seifried; focus-virus (at) securityfocus (dot) com [email concealed]
Cc: rubin (at) jhu (dot) edu [email concealed]
Subject: RE: Consumer Reports AV and their 5,500 new variants

--On Wednesday, September 06, 2006 01:01:39 -0700 Bill Stout
<bill.stout (at) greenborder (dot) com [email concealed]> wrote:
>
> Indeed, the consensus throughout the antivirus development and testing

> community is that creating a new virus or variant for product testing
> would be very bad - and totally unnecessary. To do so would
> undoubtedly raise questions about their ethics."
>
> Maybe opinions have changed on creating viruses in a closed test lab,
> and it's no longer unethical.
>
I can assure you that within the AVIEN community nothing has changed.
We
are completely oppposed to the creation of viruses in a lab, for many
reasons, all of which we have publicly articulated.

Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]
Symantec AV Strategy Aug 24 2006 06:14AM
Serge Vondandamo (serge vondandamo wanadoo fr) (2 replies)
Re: Symantec AV Strategy Aug 24 2006 08:22PM
Edgar B. Tijerino (ebt2001 med cornell edu)
RE: Symantec AV Strategy Aug 24 2006 02:22PM
Robert D. Holtz - Lists (robert d holtz gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus