funsec mailing list archives
Re: another VX site?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 08 Jan 2006 15:51:56 +1300
Jeff Kell to Oliver Schneider:
Instead of complaining about naming schemes of other vendors, all vendors should just sit down together and find a common naming scheme *ASAP* - with a *shared base* of names! Because this is where the users think that the vendors are "wrong/silly/etc".

The problem there is the influence of AV business/politics. ...
That's crap. AV researchers (sorry Pierre! 8-) ) extensively share samples across "company boundaries". Sometimes, though very rarely now as we have mainly educated them out of the practice (or eradicated them from the industry), this sharing also occurs against "official company policy/management directive". You're thinking of the fictional AV industry that exists in the minds of the PR flakes and marketing-BS'ers. Those folk (and the fools who swallow the crap they spout) have _NO IDEA_ how the AV industry works at the sharp end of the business...
... There would be no way to have a "common naming authority" without simultaneously making all discoveries and claims common knowledge. ...
Actually, that's also BS as I've devised a scheme that would allow suitably competent researchers to centrally "index" and to a fair degree cross-reference and assure "correct" family placement, etc, etc of new malware which would only divulge that other new variants had been discovered but not (necessarily) by whom or even when. The problem is that the cost of running such a thing securely and reliably would (probably) require corporate (rather than individual researcher-level) funding (though not a huge amount) and at that point I can imagine that the corporate pressures to make more of the information available about others' discoveries that such a system would necessarily hold might make it untenable to run on as "closed" a basis as some researchers and vendors would require for their participation, thereby reducing its value... BUT, I think it still can fly and as I might be the natural choice for the thick-skinned, hard-arsed arrogant bastard who would have to "referee" the occasional problem, I'm keeping it to myself for now.
... The "my AV is better than your AV" war would be somewhat emasculated when this becomes knowledge, and there is no race to the "my AV detected this first" prize.
That "war" only exists in the minds of the PR and marketing fools...
Well, there is something to be said for competition in the implementation and deployment of such detections, but I don't see the for-profit AV vendors suddenly co-operating on a global scale.
You really are well out of touch with how the AV industry works... There already is a significant degree of cross-vendor, inter-researcher cooperation and sample sharing. Dr Solly was one of several early AV "luminaries" responsible for doing much of the groundwork that led to the current situation and others continue pushing its value and educating new generations of AV product managers and the like as they are drafted into our sector of its value and why the PR BS "war" model MUST NOT be the way we work. Of course, we don't do the sample sharing irresponsibly by putting large collections of malware on freely accessible and widely publicized web sites and "protecting" them with an "only for genuine research" label, so I can understand that those outside the industry would not be well aware of the degree to which AV researchers (sorry Pierre!) cooperate across vendor "lines". Fortunately some of us have, over the years, shown many others that responsible, trusted sample sharing is more beneficial to your (employers') customers than the old "hoard and gloat" approach that John McAfee and a few of his contemporaries practised.

(When I was at Virus Bulletin I found an old product box from an early comparative detection test and though I can't remember the exact literal test, the McAfee box (? -- Dr Solly will remember this) had a claim (along with a graph) to the effect "we detect the most viruses", backed up with the "hard facts" (probably from a Patty Hoffman "test") -- McAfee 91, DSAV 89, F-PROT 87 and Norton AntiVirus 72...)

Regards,
Nick FitzGerald
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.