Re: Anti-Virus Testing and Consumer Reports

[Nick FitzGerald <nick () virus-l demon co uk>]

Drsolly wrote:

> I'm really surprised that neither Paul nor David knew that this repository 
> already exists, and is shared by the AV vendors, on a vetted basis.

Really?

You're surprised that really, really bright and clearly intelligent 
folk who know virtually nothing about what they're now talking about 
might miss something so fundamental?

Wow -- and I thought you were one of the smart cookies in all this...

8-)

To quote from the referenced article:

   [Anti-virus companies] have to understand that if they hoard [new
   malware samples], then they're going to be lonesome.

What part of multi-gigabytes per month per vendor sample distributions 
does the above statement align with?

No offense to David or Paul, but the samples you are seeing at any 
given moment are no more or less the most important samples for any 
other vendor or victim than those you are not only not seeing at this 
moment, but will never see.  The solution to that is "eventually" all 
these samples will be shared and distributed, but even then, they will 
not be instantly processed and detection added as there are yet further 
resource constraints on the vendors.  Thus, even if all samples could 
be got to every vendor instantly, the detection scenario would likely 
not change much, so we have a solution looking for a problem...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.