funsec mailing list archives
Re: another VX site?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 09 Jan 2006 10:41:56 +1300
Drsolly to me:
Of course, whether an AV product _need_ detect, or need detect _and inform the user_, of the precise variant when, despite the malwares' program logic and/or expression differences, their _effective behaviour_ is the same, is another question. AV uber-purists have (mostly) always aimed for "exact identification" whereas others have tended to go for "if the functionality is about the same such that disinfection is the same we need not be too fussy about identifying precise variants" and a few have always been so sloppy that it matters not what they call something as half its detects are guaranteed to be entirely unrelated and some/many not even malware (for example, some AV -- I forget which offhand -- has a generic "unwanted file" or similar detection for _any file_ it does not have more precise identification of that is packed with FSG).
Internally, though, if the product is going to do repair, then exact identification is extremely important. I agree, you don't need to tell the user that it's jerusalem.h or jerusalem.m if those have the same payload, but there's no big downside in displaying that info.
Some would still argue (and have implemented their products thus) that that level of detection is not always necessary, _even when you are doing repair/disinfection_. For parasitic malware it is understandable that you should need as precise detection as possible, but with so much of today's malware being either non-replicative (Trojan, adware, spyware, "hacking tool", etc, etc) or monolithic replicators, where the "repair" is "delete the file and its associated registry entries", some have become fairly keen on "close enough is good enough" for their detection capabilities (dressed up for marketing under fancy-sounding names like "generic detection", "advanced heuristics" and so on...).
Just called my sister's wife, ...
It's not germane to this conversation, but I was not aware lesbian marriage was possible/legal anywhere in the US...
Maybe they got married in the UK, where we now have same-sex "Civil union", which is (loosely) called "marriage".
Or here -- NZ has had such civil unions for about a year (??) now...
Regards,
Nick FitzGerald
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.