funsec mailing list archives
Re: another VX site?
From: Drsolly <drsollyp () drsolly com>
Date: Sun, 8 Jan 2006 17:23:18 +0000 (GMT)
> There already is a significant degree of cross-vendor, inter-researcher cooperation and sample sharing. Dr Solly was one of several early AV "luminaries" responsible for doing much of the groundwork that led to the current situation and others continue pushing its value and educating new generations of AV product managers and the like as they are drafted into our sector of its value and why the PR BS "war" model MUST NOT be the way we work. Of course, we don't do the sample sharing

The "war" model is fine for pricing, packaging, user interface, tech support, distribution of product and loads of other things, and it's right and proper that there should be competition between the companies. But us techies could see that we could devote a *lot* less time to seeking out specimens, if we just shared everything unconditionally. Thus, the pursuit of laziness once again led to the right answer. So, at each Caro meeting, we would set up a portable file server, everyone copied everything they had to that server, then everyone copied all that stuff back to their own portable. Then, when you got back to the virus lab, you had the humungous job of sorting all that out. That's when I wrote "Trashcan", another tool we shared, because it would identify previously-analysed garbage, so you didn't have to look at it again.

> John McAfee and a few of his contemporaries practised. (When I was at Virus Bulletin I found an old product box from an early comparative detection test and though I can't remember the exact literal test, the McAfee box (? -- Dr Solly will remember this) had a claim (along with a graph) to the effect "we detect the most viruses", backed up with the "hard facts" (probably from a Patty Hoffman "test")

I did an analysis of her test suite once. The most amazing file was one that was 4096 bytes of hex 20 (spaces).

> -- McAfee 91, DSAV 89, F-PROT 87 and Norton AntiVirus 72...)

I don't remember. I do remember a fight I had with our own marketing people - we were using the Domesdos bottle (very well known in the UK) as our advert (with their permission, of course), and Marketing wanted to claim "Kills 100% of all known viruses", and we had third party reviews so we could show that the claim had a firm basis. I said, "no", and insisted that we claim 99%, because I don't know much about marketing, but I do know that you have to make a credible claim, if you make an incredible claim, you lose the customer. So we claimed "Detects 99% of all known viruses" (which is very like the Domesdos advert, of course). If you're going to market and advertise, you do have to make claims about the product.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.