funsec mailing list archives

Re: another VX site?


From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 17:23:18 +0000 (GMT)

There already is a significant degree of cross-vendor, inter-researcher 
cooperation and sample sharing.  Dr Solly was one of several early AV 
"luminaries" responsible for doing much of the groundwork that led to 
the current situation and others continue pushing its value and 
educating new generations of AV product managers and the like as they 
are drafted into our sector of its value and why the PR BS "war" model 
MUST NOT be the way we work.  Of course, we don't do the sample sharing 

The "war" model is fine for pricing, packaging, user interface, tech
support, distribution of product and loads of other things, and it's right
and proper that there should be competition between the companies. But us
techies could see that we could devote a *lot* less time to seeking out
specimens, if we just shared everything unconditionally. Thus, the pursuit
of laziness once again led to the right answer.

So, at each Caro meeting, we would set up a portable file server, everyone
copied everything they had to that server, then everyone copied all that
stuff back to their own portable.

Then, when you got back to the virus lab, you had the humungous job of 
sorting all that out. That's when I wrote "Trashcan", another tool we 
shared, because it would identify previously-analysed garbage, so you 
didn't have to look at it again.

John McAfee and a few of his contemporaries practised.  (When I was at 
Virus Bulletin I found an old product box from an early comparative 
detection test and though I can't remember the exact literal test, the 
McAfee box (? -- Dr Solly will remember this) had a claim (along with a 
graph) to the effect "we detect the most viruses", backed up with the 
"hard facts" (probably from a Patty Hoffman "test") 

I did an analysis of her test suite once. The most amazing file was one 
that was 4096 bytes of hex 20 (spaces).

-- McAfee 91, DSAV 
89, F-PROT 87 and Norton AntiVirus 72...)
 
I don't remember. 

I do remember a fight I had with our own marketing people - we were using
the Domesdos bottle (very well known in the UK) as our advert (with their
permission, of course), and Marketing wanted to claim "Kills 100% of all
known viruses", and we had third party reviews so we could show that the
claim had a firm basis. I said, "no", and insisted that we claim 99%,
because I don't know much about marketing, but I do know that you have to
make a credible claim; if you make an incredible claim, you lose the
customer. So we claimed "Detects 99% of all known viruses" (which is very
like the Domesdos advert, of course).

If you're going to market and advertise, you do have to make claims about 
the product. 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

