RE: [Full-Disclosure] Show me the Virrii!
From: VBuster (gszappanos_at_virusbuster.hu)
To: <Valdis.Kletnieks@vt.edu>
Date: Thu, 8 Jan 2004 09:10:13 +0100
>"Research" isn't what you're doing when you're planning to figure out
>stop the *next* new attack by studying the terabytes of examples of how
>idea didn't stop the attack last time.
No, actually research is finding generic signatures for larger virus/worm
families, generic detection for virus/worm types, implementing emulated
Win32/DOS environment within the virus scanner to analyse the behaviour
of a program. Something like this. Not entirely useless. Recently posted
a couple of links that investigate the efficiency of these methods. The
results are still far from being assuring, but saying that these methods
are useless is ignoring the facts.
>What you're doing there is milking a cash cow rather than finding a new
>actually fix the problem right.
Exactly. Like convincing the people that writing and distributing viruses
is a bad thing. But this smells like a flame.
Full-Disclosure - We believe in it.