funsec mailing list archives
Re: SourceFire buys ClamAV
From: "C Q" <kyle.c.quest () gmail com>
Date: Fri, 17 Aug 2007 13:24:19 -0400
They will find a way around this promise... Sure they might leave the existing database "as is", but then they'll slowly start introducing additional/enhanced signatures under their license. And then the next thing you know a significant number of signatures are "special" that you no longer can use anyway you want, etc... It's a bit easier with IDSes to have alternative signatures... because there's just not as many new threats where with viruses there's a constant flow of new ones and if you start fragmenting the signature creation effort the quality and the coverage will suffer. And because their "special"/tested/quality/whatever signatures have the commercial backing and the necessary resources the users will be slowly encouraged to use them :-) And that's not all... the future holds even more changes... just like what happened with Nessus 3. As the top open source projects gain popularity and especially commercial success their owner will be financially motivated to lockdown their data files (signatures, etc) and then the source code to prevent other commercial entities from capitalizing on the use of the same software. The guys with the pockets full of money will demand it to avoid dealing with competitors that are using the same technology to make bigger profits... Nessus 3 was the first big open source project, now it's MySql with their enterprise database server (RedHat doesn't really count with their ES because they don't own the kernel, so they couldn't close it). On 8/17/07, Jordan Wiens <numatrix () ufl edu> wrote:
I actually asked that question on their investor call this morning. They said as a part of the acquisition they pledged to leave the malware database and signatures under the same license they're under now. Besides, I'm sure the bleeding threats guys or someone else would fill in the void for truely open source signatures. In fact, who says you need VRT sigs now to be "properly" protected? There's plenty of other sources of quality signatures. What is interesting is that part of the goal is to produce a "clean" codebase, I assume to be "untained" by pesky contributions so that they can dual-license the product. The goal for that was about a year from now. At least they're not just arbitrarily changing the license without getting permission from contributers this time (sorry, Marty!). -- Jordan Wiens, CISSP UF Network Security Engineer (352)392-2061 On Aug 17, 2007, at 10:46 AM, C Q wrote:Anybody feels like placing bets on how long it's going to take SourceFire to pull the same trick with ClamAV signatures they pulled with Snort signatures where you'll need to "conveniently" license the signatures from SourceFire to have the latest ones to be properly protected :-) The engine source code will be useless if you don't have the very latest AV sigs...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Dude VanWinkle (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Blue Boar (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Dude VanWinkle (Aug 18)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)