funsec mailing list archives

Re: standards status in the industry - opinion?


From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 00:10:08 +0000 (GMT)

On Sun, 8 Jan 2006, Gadi Evron wrote:

I agree 100%.  Purely signature-based scanning that proved able to
detect all the WMF exploits out there would produce scores of FPs.  It's
yet another example of why sig scanning is broken.

When I said we were setting our standards too low on AV, I didn't mean
that I wanted the AVers to just produce better sigs.  Better technology
is one of the things AV needs as well.  We've set our standards *FAR*
too low there, and are still allowing AVers to ram this terrible,
decades-old technology down our throats.

I disagree on a part of what you say.

If AV-ers could make better detection, they would. They are no slackers.

The fact that the marketing part of the business keeps sticking that 
same solution down our throats is indeed the truth, and it is no longer 
adequate and research should proceed in other fields as well.

Our industry likes old and stable though. It fits well in budget requests.

I can tell you that in 1988, signature-based scanning was not "old and 
stable". 

A replacement for this is possible, and I think I can even see how to do 
it. But it's someone else's turn to implement it.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

