Re: The wildlist

["David Harley" <david.a.harley () gmail com>]

> > In fact, insiders in the anti-virus industry, especially 
> vendors, are 
> > widely derisive of the WildList, looking on it as an 
> outdated burden 
> > on their development. 

This is misleading. There are certainly critics of the WildList, in and out
of the AV industry, and not without reason, but the list is an AV research
community project: most of the contributors are vendor-affiliated.

> The malware in it is outdated 

The WildList -is- always behind the curve (in the absence of the fabled
realtime WL). So, putting it simplistically, do you want validated samples
or do you want a realtime list? 

> > and not representative of the true threats facing users.

Not really true. WL is representative of a -subset- of true threats.
 
> Wait, the "wild" list does not represent the true threats 
> facing users in the real wild?  Why not?  It's the "wild" list, right?

It's a list that maps to a collection of samples of malware found ItW. You
really need to know what WLO means by in the wild, though:
http://www.wildlist.org/faq.htm.
 
> Given the amount of footdragging that led up to the 
> "wildlist" shouldn't the users get a replacement before it 
> goes away?  

Don't know what you mean by footdragging. The list has been around since the
early 90s, and for quite a few years was a fairly good representation of the
threatscape. 

Who do you mean by the users, and where do you expect them to get a
replacement?

> I mean, really, the AV people would have made 
> more progress early on if they'd had something like the 
> "wildlist" wouldn't they?

I rather thought they did...

> Instead of stabbing each other in the back to make a buck, 

So we're stabbing each other in the back -and- conspiring to rook the end
users?

> the AV companies could have put together something that would 
> have helped everyone, instead of merely extracting money from 
> the pockets of the most fearful and superstitious.

I suppose it's too much to hope that just for once we could have a
discussion that isn't based on the presumption that the industry is
incompetent, corrupt and amoral? :-/
 
> But I guess that wouldn't have been as much fun as telling 
> people to "Practice Safe Hex" or some other dumb catchphrase. 

There's nothing wrong with that catchphrase as long as you tell people what
Safe Hex is. Of course, lots of people didn't, or defined it as something
unhelpful or misleading. But they didn't necessarily have anything to do
with the AV industry.

D

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.