Dailydave mailing list archives
Re: The Anti-Virus/IDS fantasy world
From: Kradorex Xeron <admin () digibase ca>
Date: Sat, 9 Jun 2007 14:39:04 -0400
On Saturday 09 June 2007 13:52, Dave Aitel wrote:
The weblog snippet below shows the attitude I love about the anti-virus and IDS companies. The "I'm better than you both technically and morally" fantasy they live in is quite amazing. It's like when people derisively say "script kiddie" and 100% of the time they mean "someone who's way better at security than I'll ever be". The reality is that writing malware is incredibly hard, and the people who do it are amazingly talented.
Agreed. Said companies are only interested in marketting and selling their products and will do anything they can to make what they want a reality. That's why security companies often like causing FUD among those who aren't as in-tune to security as most of us on this list are, to cause people to run out to buy their products with little to no question. Furthermore, said companies never act in collective unison with eachother to fight malware, but rather they are disjointed, doing their own thing thus there are time gaps between each other as well as malware some detect, while others do not. Thus no antimalware being perfect and detecting everything known, because those companies are too busy and too proud acting superior to eachother to work collectively. As I've posted elsewhere before, large-scale security companies are too busy developing on the interface, making their software large and bloated instead of what it should be: streamlined and resource-efficient. My appologies on ranting, just whenever I see security companies acting stupidly like this it brings me back to what I've stated above, so I leave one question: If security companies are supposed to be so smart. Why aren't they many steps ahead of the malware authors?
http://www.sophos.com/security/blog/2007/05/120.html """ The fact is, whatever the motivation, writing malware is not 'clever', on the whole it's not even particularly difficult. Although this particular author seems to have trouble because the sample we received didn't work. It takes a lot more skill to identify and remove malware, but in this case, even that wasn't difficult. So my message to the author is, don't bother, get a real job, but don't bother applying to join SophosLabs. In fact judging by the poor quality of what was submitted, I would recommend a completely different career. Update 4th June - If anyone other than malware authors want to join SophosLabs, we're recruiting<http://www.sophos.com/companyinfo/careers/uk/822857832455.html> Mark Harris - Director of SophosLabs """ -dave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The Anti-Virus/IDS fantasy world Dave Aitel (Jun 09)
- Re: The Anti-Virus/IDS fantasy world Kradorex Xeron (Jun 15)
- Re: The Anti-Virus/IDS fantasy world toby (Jun 15)
- Re: The Anti-Virus/IDS fantasy world Nathan Landon (Jun 16)
- Re: The Anti-Virus/IDS fantasy world Paul Melson (Jun 16)
- Re: The Anti-Virus/IDS fantasy world val smith (Jun 19)
- <Possible follow-ups>
- The Anti-Virus/IDS fantasy world No Body (Jun 15)
- Re: The Anti-Virus/IDS fantasy world El Nahual (Jun 16)