funsec mailing list archives

Re: The AV.


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 20 Mar 2006 11:58:50 +0000 (GMT)

On Mon, 20 Mar 2006, Gadi Evron wrote:

Drsolly wrote:
In an ordinary collection of business computers (which means they're
mostly running Windows), do you think that AV is some sort of luxury 
extra?

I'd go as far as, on the user and engine side: it serves an important
purpose, using a technology that was good in the floppy disk days. It
still vastly uses the same technology and relies on the Internet mostly
for nothing save updating.

It's slow, it's old, it's reactive, it's out.

Like I keep saying, I don't know of an AV that's good enough that I'd want 
to use it.
 
It's good for detecting and controlling old threats and cleaning up 
relatively old threats. I believe it will always be good and even 
important for that.

Trying to fit it in a new box every few years doesn't work, and the 
industry itself is so stagnant it finds out about what I call "pop" 
Trojan horses and then spyware years after-the-fact.

So, you think packaging it with a new cool exterior every year or so, 
and a couple of nifty marketing features is going to do it?

Not at all.
 
This is not to say the AV isn't part of the solution or even an 
important part - I strongly believe in that, or to say most AV-ers 
aren't great guys - most of them are amazing. It just comes to say that 
the industry is inhibiting progress by sticking to it and sticking it to us.
 
It's breathtaking to me that you can say that the AV companies are
"inhibiting progress". There is absolutely nobody and nothing stopping you
from writing something that is ten times better than any of the existing
antivirus products - apart from the small problem that you don't actually
know how to do it (and neither do I).

We live in a capitalist society. If you can make an AV that's ten times 
better than existing products, and ten times cheaper, then I really cannot 
imagine why you haven't done so.

The reason why it hasn't happened is *not* because the AV companies don't
want to. It's because they don't know how to - and neither do I.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

