funsec mailing list archives

Re: The wildlist


From: Drsolly <drsollyp () drsolly com>
Date: Tue, 3 Jun 2008 01:16:45 +0100 (BST)

On Mon, 2 Jun 2008, Bruce Ediger wrote:

> Apparently from:
> http://www.eweek.com/c/a/Security/The-AntiMalware-Certification-Problem/
>       ...
> In fact, insiders in the anti-virus industry, especially vendors, are
> widely derisive of the WildList, looking on it as an outdated burden on
> their development. The malware in it is outdated and not representative
> of the true threats facing users.
>
> Wait, the "wild" list does not represent the true threats facing users
> in the real wild?  Why not?  It's the "wild" list, right?
>
> Given the amount of footdragging that led up to the "wildlist" shouldn't the
> users get a replacement before it goes away?  I mean, really, the AV people
> would have made more progress early on if they'd had something like the
> "wildlist" wouldn't they?

No.

Every AV company had, as target, to detect *all* viruses, irrespective of
whether it was known to be in the wild or not. The wildlist was mostly of
use to consumers to help them avoid poor AV products.

> Back in the days when boot-sector viruses like Brain were the main threat,
> getting an idea of the geographic dispersion would have helped the AV folks to
> decide what the methods of propagation were, right?

No. Because we already knew. You leave an infected data disk in drive A
when you boot up.

> Local outbreaks might mean
> sharing MS-DOS boot disks.  International simultaneous outbreaks might mean
> "BBS" distribution, or someone typed in a virus from Burger's or Ludwig's
> books.

The viruses from Burger's book were very poor replicators. Only Vienna was
seen at all in the wild, and that not very often. This is because it
wasn't a memory-resident replicator. The other Burger viruses were even
worse.

> Instead of stabbing each other in the back to make a buck, the AV companies

I don't think we ever did that. Actually, there was quite a lot of
cooperation between the techies (and I guess there still is).

> could have put together something that would have helped everyone, instead of
> merely extracting money from the pockets of the most fearful and superstitious.

No, we were extracting money from people who had, mostly, already had an
encounter with a virus, and didn't want another one.

> But I guess that wouldn't have been as much fun as telling people to "Practice
> Safe Hex" or some other dumb catchphrase.  They should have told people to run
> linux, or netbsd or OS-9 or NeXTStep.  That would have helped more than "Safe
> Hex".

Telling people to "Practise safe Hex" was, I agree, pretty useless.
Telling people to switch their operating system (or change their computing
platform), and change all their application software, would have been even
more useless.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.