funsec mailing list archives
RE: Kaspersky strikes again
From: "Thomas Raef" <traef () ebasedsecurity com>
Date: Sun, 23 Dec 2007 17:33:21 -0600
Is it constant corporate rivalries that forced AV companies to "brag" about releasing updates every hour? Wouldn't it be an effective marketing message to talk about this very topic and tell why they don't release new sigs every hour? Too often it seems as if technology is driven by the wrong part of the corporate world. I'm sure the guys releasing sigs wouldn't want to advertise "new sigs every hour". They would probably prefer to release them, "when they're ready". I understand that Virtual PCs may not be the answer, if it were, I'm sure they'd all be using them. I could not imagine undertaking the task of zero false positives, yet the most updated sig database. They probably have to find a balance and make that their focus. Enough of my thoughts. Everyone enjoy your holiday - whatever "higher power" you may or may not believe in. Thomas J. Raef e-Based Security, LLC http://www.ebasedsecurity.com traef () ebasedsecurity com 1-866-251-5803
-----Original Message----- From: Alex Eckelberry [mailto:AlexE () sunbelt-software com] Sent: Sunday, December 23, 2007 2:47 PM To: Larry Seltzer; Thomas Raef; funsec () linuxbox org Subject: RE: [funsec] Kaspersky strikes again Virtual PCs are not necessarily all that useful for testing malware. And one of your bigger challenges is in creating an adequate whitelist to test against FPs. You're talking at least 20 terrabytes of whitelist data -- think of all the different versions of Office, all the drivers, etc. It's not a small undertaking. Alex -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Larry Seltzer Sent: Sunday, December 23, 2007 7:22 AM To: Thomas Raef; funsec () linuxbox org Subject: RE: [funsec] Kaspersky strikes againHow tough is it for a large company to have 50 or so "clean" workstations, packed with applicationsEspecially virtual PCs? I would think that would be their testplatform of choice. I've been involved setting up in a lot of testing labs and this is the dream scenario. It does ignore certain compatibility issues, in that you're not testing real PCs, but the potential number of those is infinite. I think Andreas Marx at AV-Test has a virtual PC test lab. It's the only way he could test the massive number of variants and products he does. I'm sure it's like knocking down a zillion dominoes, all the work is in setting up the test. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.6/1193 - Release Date: 12/22/2007 2:02 PM
No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.17.6/1193 - Release Date: 12/22/2007 2:02 PM _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again, (continued)
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again David Harley (Dec 22)
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 22)
- RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again David Harley (Dec 23)
- Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
- RE: [stuff] happens, et tu, AVG? was Re: Kaspersky strikes again Young, Keith (Dec 21)
- RE: Kaspersky strikes again Larry Seltzer (Dec 23)
- RE: Kaspersky strikes again Alex Eckelberry (Dec 23)
- Re: Kaspersky strikes again Dude VanWinkle (Dec 23)
- Re: Kaspersky strikes again Valdis . Kletnieks (Dec 23)
- Re: Kaspersky strikes again Drsolly (Dec 24)