funsec mailing list archives

Re: Spam cube

From: Drsolly <drsollyp () drsolly com>
Date: Sun, 19 Mar 2006 16:20:21 +0000 (GMT)

On Sun, 19 Mar 2006, Predrag Ivanovic wrote:


[Sorry for late reply,not properly healed eye injury came back with the vengeance,
so I was offline for a while].

On Tue, 7 Mar 2006 16:04:06 +0000 (GMT)
Drsolly wrote:
<snip>

Check the site for details[1](requires Flash for demos,though).


I don't have Flash, because I don't know what it does, and I have trouble
understanding why people will install stuff that has unknown
characteristics, but that's OK, because I wasn't serious.


Heh.Time to recalibrate my humor detector,I guess <g>.
Flash,BTW,is another piece of technology gone bad,but
that is another rant.

<snip>

What do you think about their choice for AV(Norton/McAfee)?
How good are they compared to NOD32,AVG etc?


I don't know of an antivirus that I'd want to use. I'm *very* nervous 
about this idea of installing a new piece of software every single day of 
the year. I know what it was like to create, test and QC for monthly 
updates.


You wrote one,right?Dr.Solomon's Antivirus?


Yes, I wrote that.

It all comes to "do you trust AV vendor?"


No, that's not the problem. The problem is, how can you write and 
adequately test daily upgrades?

<snip>

percent of viruses discovered/removed?


You would not believe how difficult this one is to measure.


IIRC,methodology used for one of the reviews was:
1.put as many malware on computer as you can
2.install antivirus foo,with latest updates
3.scan the system
4.wipe the system,reinstall from image
5.put another AV on it
6.repeat  
And at the end,calculate percentages.


Yes, that works.

But step 1 is incredibly difficult. If you've never done it, you can't 
imagine how difficult.

It's easy to get a collection of files. It's very, very difficult to 
verify that each one is malware. And if you don't do that, you wind up 
giving a good score to a product that gives plenty of false alarms.

It all requires a lot of hard work, and since reviewers are only paid a
few hundred dollars to write these reviews, no-one does it, as far as I
know.


You are right,for software as important as AV are,I rarely come across
any reviews,so users depend on word of mouth and marketing when 
they choose it.

 
Word of mouth is just a worse than usual review. Marketing only tells you 
that the vendor thinks their product is good.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Spam cube Predrag Ivanovic (Mar 06)
- Re: Spam cube Drsolly (Mar 06)
  - Re: Spam cube Predrag Ivanovic (Mar 07)
    - Re: Spam cube Drsolly (Mar 07)
    - Re: Spam cube Predrag Ivanovic (Mar 19)
    - Re: Spam cube Drsolly (Mar 19)
    - Re: Spam cube Nick FitzGerald (Mar 19)
    - Re: Spam cube Drsolly (Mar 19)
    - Re: Spam cube Nick FitzGerald (Mar 19)
    - Re: Spam cube Drsolly (Mar 19)
    - Re: Spam cube Nick FitzGerald (Mar 19)
    - Re: Spam cube Drsolly (Mar 20)
    - The AV. Gadi Evron (Mar 19)
    - Re: The AV. James Kehl (Mar 20)
    - Re: The AV. Drsolly (Mar 20)
    - Re: The AV. Drsolly (Mar 20)

(Thread continues...)