[Full-Disclosure] Re: Show me the Virii! (Pyrrhic heuristic)

From: starlabs (ashipp_at_messagelabs.com)
Date: 01/06/04

  • Next message: Jonathan A. Zdziarski: "Re: [Full-Disclosure] Ahh shucks!!"
    To: <full-disclosure@lists.netsys.com>
    Date: Tue, 6 Jan 2004 12:28:14 -0000
    
    

    >From: "Feher Tamas" <etomcat@freemail.hu>
    >
    >Anti-Virus heuristics' job is not to catch unknown viruses, but to
    >measure the amount of lazy factor in virus authors' blood.
    >
    >The fully functional trial versions (usually 30-day limited) of all anti-virus
    >packages by all vendors are available on the Web. You just download it,
    >no hassle, anonymously. Obviously, AV companies need to sell their
    >products and free trial versions are an effective way of convincing the
    >would-be customers of the software's merits.

    >But there is a side effect: virus writers can also test their new creations
    >in-house, for free. [snip]

    This is a good point, but is not the full picture. I know of at least four
    companies offering virus scanning as an outsourced service, who use
    their own scanners. These are not available to the virus writer offline,
    and therefore it is much harder to get viruses past them.

    >I think heuristics has a limited future in the AV field...

    I guess I better start looking for a new job then :-)

    Regards,

    Alex


