RE: [Full-Disclosure] Show me the Virrii!
From: VBuster (gszappanos_at_virusbuster.hu)
Date: 01/08/04
- Previous message: Tri Huynh: "[Full-Disclosure] Yahoo Instant Messenger Long Filename Downloading Buffer Overflow"
- Maybe in reply to: Richard Maudsley: "[Full-Disclosure] Show me the Virrii!"
To: <Valdis.Kletnieks@vt.edu>
Date: Thu, 8 Jan 2004 09:10:13 +0100
>"Research" isn't what you're doing when you're planning to figure out how to
>stop the *next* new attack by studying the terabytes of examples of how that
>idea didn't stop the attack last time.
No, actually research is finding generic signatures for larger virus/worm
families, generic detection for virus/worm types, implementing emulated
Win32/DOS environment within the virus scanner to analyse the behaviour
of a program. Something like this. Not entirely useless. Recently posted
a couple of links that investigate the efficiency of these methods. The
results are still far from being assuring, but saying that these methods
are useless is ignoring the facts.
>What you're doing there is milking a cash cow rather than finding a new way to
>actually fix the problem right.
Exactly. Like convincing the people that writing and distributing viruses
is a bad thing. But this smells like a flame.
Regards,
Gabor Szappanos
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html