Focus on Virus
Consumer Reports AV and their 5,500 new variants Aug 22 2006 03:48AM
Bill Stout (bill stout greenborder com) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Aug 22 2006 07:00PM
Bill Stout (bill stout greenborder com) (2 replies)
Re: Consumer Reports AV and their 5,500 new variants Sep 05 2006 05:24AM
Kurt Seifried (bt seifried org) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 08:01AM
Bill Stout (bill stout greenborder com) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 02:20PM
Paul Schmehl (pauls utdallas edu) (1 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 03:31PM
Roger A. Grimes (roger banneretcs com) (3 replies)
RE: Consumer Reports AV and their 5,500 new variants Sep 18 2006 04:50PM
Bill Stout (bill stout greenborder com)
[Reposting at moderators request -bill]

Hi Roger,

I read your article:
http://www.infoworld.com/article/06/09/08/37OPsecadvise_1.html

Well done! Besides pointing out the soft underbelly of the AV
community, you gracefully avoided the controversy of creating new
malware.

The analogy I use when describing defensive computer security, is like
coming home from a Karate class, and demonstrating your latest moves:

"Try to hit my chin. Ow! Slower. No, a little higher. Wait, my foot
wasn't in the right place. Hold on, I wasn't ready. OK, now. With the
other hand! No, you're supposed to let me grab your wrist. You're not
cooperating!"

The old karate demands a cooperative attacker, or at least one that
follows a known set of rules.

Corporate Firewalls were once seen as the ultimate defense, but
intruders were supposed to follow network rules and not hopscotch in
through harmless port traffic, or have the user install something
interesting that connected out to the intruder, and computers were not
supposed to travel out of the network perimeter.

With all due respect the old guard (I'm not that young myself), I wonder
if AV is 'the old karate'. Maybe some of the experts should try out a
few new attacks.

Bill Stout

Disclaimer - "I don't speak for my employer. Some of my evening posts
are accompanied by a glass of whiskey or wine. I don't always pay
attention when I type."

Obligatory political statement - 'No peace for terrorists'

-----Original Message-----
From: Roger A. Grimes [mailto:roger (at) banneretcs (dot) com [email concealed]]
Sent: Wednesday, September 06, 2006 8:31 AM
To: Paul Schmehl; Bill Stout; Kurt Seifried;
focus-virus (at) securityfocus (dot) com [email concealed]
Cc: rubin (at) jhu (dot) edu [email concealed]
Subject: RE: Consumer Reports AV and their 5,500 new variants

I've been doing AV for 20 years now, and supported this basic safety
tenet,
but the Consumer Reports' lab testing incident doesn't bother me.

It had a good AV expert behind the work, tested logical goals that can
only
be tested by creating new malware programs, and was kept controlled. If
it
wasn't done by a professional and if great care wasn't taken to make
sure
they didn't leak, I'd be bothered. But let's be honest, at this point,
the
malware problem is so bad, the AV vendors are so bad at detecting them,
and
so many variants are being created each day, that the original problem
of
something new leaking out, just isn't the priority it used to be.

If I worked for an AV vendor, I'd stop my complaining and get to work on
a
better product. The state of AV protection is as bad as it has ever
been.
I've been reading about the "death of antivirus scanners" for 20 years
now,
but for the first time I think their time is nearing the end, and I say
so
in my Friday column in InfoWorld.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes (at) infoworld (dot) com [email concealed] or roger (at) banneretcs (dot) com [email concealed]
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************

-----Original Message-----
From: Paul Schmehl [mailto:pauls (at) utdallas (dot) edu [email concealed]]
Sent: Wednesday, September 06, 2006 10:21 AM
To: Bill Stout; Kurt Seifried; focus-virus (at) securityfocus (dot) com [email concealed]
Cc: rubin (at) jhu (dot) edu [email concealed]
Subject: RE: Consumer Reports AV and their 5,500 new variants

--On Wednesday, September 06, 2006 01:01:39 -0700 Bill Stout
<bill.stout (at) greenborder (dot) com [email concealed]> wrote:
>
> Indeed, the consensus throughout the antivirus development and testing

> community is that creating a new virus or variant for product testing
> would be very bad - and totally unnecessary. To do so would
> undoubtedly raise questions about their ethics."
>
> Maybe opinions have changed on creating viruses in a closed test lab,
> and it's no longer unethical.
>
I can assure you that within the AVIEN community nothing has changed.
We
are completely oppposed to the creation of viruses in a lab, for many
reasons, all of which we have publicly articulated.

Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

------------------------------------------------------------------------
----
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZW
l
------------------------------------------------------------------------
----

[ reply ]
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 11:48PM
Nick FitzGerald (nick virus-l demon co uk)
RE: Consumer Reports AV and their 5,500 new variants Sep 06 2006 08:23PM
Bill Stout (bill stout greenborder com)
Symantec AV Strategy Aug 24 2006 06:14AM
Serge Vondandamo (serge vondandamo wanadoo fr) (2 replies)
Re: Symantec AV Strategy Aug 24 2006 08:22PM
Edgar B. Tijerino (ebt2001 med cornell edu)
RE: Symantec AV Strategy Aug 24 2006 02:22PM
Robert D. Holtz - Lists (robert d holtz gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus