Re: Nasty propaganda by "security tool" providers



John Hyde <EJhyd@xxxxxxxxxxxx> wrote:
> > - either they're NOT testing using "general" detection heuristics, but
> >   with a special signature
> > - or they're testing with "general" detection heuristics, and the
> >   implementations all are totally b0rken, and so equivalent to the
> >   testing with special signatures for detecting special code, because
> >   a very simple modification and recompile is enough to "hide"
> > I'd say, the first, because the second implies the additional assumption
> > of the very unlikely coincidence of detecting the original version at
> > all (Occam's razor). Anyways, assuming the second case, we can say:
> Ok, when you say "testing" above are you talking about on the desktop?
> In other words, when you use their product on your system?

I'm assuming they're using the same detection algorithms everywhere.
Why shouldn't they?

> If you are talking about "testing" meaning the process that AV companies
> use to scan code and create the signatures that will update the
> commercial products, then I disagree.

I'm not talking about how they're creating the signatures.

> Since we can't "look inside" the Black Box

Oh, we can. But it's too time consuming to do a reengineering, I think.

> Volker, would you be willing to post a detailed description of how (to
> the best of your knowledge) your code found its way to the AV companies
> that are now detecting that code?

Avira wrote me that they're intentionally detecting my tool. Then they
corrected. I think I can stop speculating now.

Yours,
VB.
--
I would estimate that about 87% of all spontaneous estimates are
complete rubbish.

Ralph Angenendt in debate@xxxxxx