RE: Kaspersky strikes again

["Thomas Raef" <traef () ebasedsecurity com>]

Is it constant corporate rivalries that forced AV companies to "brag" about releasing updates every hour?

Wouldn't it be an effective marketing message to talk about this very topic and tell why they don't release new sigs 
every hour? Too often it seems as if technology is driven by the wrong part of the corporate world. I'm sure the guys 
releasing sigs wouldn't want to advertise "new sigs every hour". They would probably prefer to release them, "when 
they're ready".

I understand that Virtual PCs may not be the answer, if it were, I'm sure they'd all be using them. I could not imagine 
undertaking the task of zero false positives, yet the most updated sig database. They probably have to find a balance 
and make that their focus.

Enough of my thoughts.

Everyone enjoy your holiday - whatever "higher power" you may or may not believe in.

Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
traef () ebasedsecurity com
1-866-251-5803

> -----Original Message-----
> From: Alex Eckelberry [mailto:AlexE () sunbelt-software com]
> Sent: Sunday, December 23, 2007 2:47 PM
> To: Larry Seltzer; Thomas Raef; funsec () linuxbox org
> Subject: RE: [funsec] Kaspersky strikes again
>
> Virtual PCs are not necessarily all that useful for testing malware.
> And one of your bigger challenges is in creating an adequate whitelist
> to test against FPs.  You're talking at least 20 terrabytes of
> whitelist
> data -- think of all the different versions of Office, all the drivers,
> etc.  It's not a small undertaking.
>
> Alex
>
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
> On Behalf Of Larry Seltzer
> Sent: Sunday, December 23, 2007 7:22 AM
> To: Thomas Raef; funsec () linuxbox org
> Subject: RE: [funsec] Kaspersky strikes again
>
> > > > How tough is it for a large company to have 50 or so "clean"
> > > > workstations, packed with applications
>
> > Especially virtual PCs? I would think that would be their test
> platform of choice.
>
> I've been involved setting up in a lot of testing labs and this is the
> dream scenario. It does ignore certain compatibility issues, in that
> you're not testing real PCs, but the potential number of those is
> infinite.
>
> I think Andreas Marx at AV-Test has a virtual PC test lab. It's the
> only
> way he could test the massive number of variants and products he does.
> I'm sure it's like knocking down a zillion dominoes, all the work is in
> setting up the test.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer () ziffdavisenterprise com
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.17.6/1193 - Release Date:
> 12/22/2007 2:02 PM

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.17.6/1193 - Release Date: 12/22/2007 2:02 PM
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.