funsec mailing list archives
Re: DefCon 'Race to Zero'
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 29 Apr 2008 22:16:11 +1200
Blue Boar to Toralv Dirro:

> > Now there is a very common misconception if it comes to malware and
> > security. Viruses and Trojans don't try to exploit any vulnerabilities
> > that need to be fixed, they simply take advantage of features offered
> > by the OS (modifying files, creating files, establishing connections
> > to some C&C etc.).
>
> They're not mutually-exclusive. You can have a
> VirusTrojanWormSpywareExploitRootkitBot if you want.
The point, as I'm sure you're more than well aware of already, is that _you need not_.

Therefore, a "competition" for bypassing (static, commandline scanner, known virus detection type) antivirus is slightly more pointless than a fishing in a barrel contest where the competitors are armed with bazookas. Of course it can be done. Trivially. Endlessly. In my sleep. Sheesh...

Anyone with two brain cells knows that, and moreover did back when digital watches were still pretty damn neat and AV software as we know it did not even exist. Although the specific terminology may not have been common (or even existed?) then, "default allow" has always been a darned stupid "security" stance.

Now, if the competition organizers wanted to compare the level of apparent security smarts of typical extant system administrators with that hypothetical two-brain-celled creature, they could surely have come up with a much more meaningful (and more likely to succeed!) way of making that point. Further flogging the long-dead "if it's new or newly obfuscated the known virus scanner orthodoxy will miss it" horse like this seems like an even more foolishly pointless waste of a security researcher's or other security professional's time than reading an unexpurgated collection of the security list postings of n3td3v and her various alter-ego identities...

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.