From: thor at (Thor Larholm)
Subject: Re: getting rid of outbreaks and spam

0.02 kroner coming up :)

> From: Gadi Evron [0]
> 2. In a broader view, notifications ARE currently the
> problem rather than a solution.

I think we all recognize the fundamental truth that AV notifications are
pure marketing. They contain no instructions on removing the virus and
serve to spread FUD. Somewhere sometime, a marketer at an AV company
"hey, let's get new customers by notifying people that send the virus!",
implemented it and everybody followed suit since "everybody is doing it,
might as well also".

AV notifications have degenerated from a misguided assistance to become
an even worse problem than the viruses they are supposed to stop.

> 3. I think we look at the whole problem in the wrong way,
> allow me to elaborate:
> The AV industry is built on reaction rather than prevention.
> Adding new signatures is still the #1 tool in the fight against

I couldn't agree more. We should stop wasting time on detailing the
lines of a new virus, what P2P folder the latest worm copies itself to
how the latest Blaster variant changes spread algorithms on the second
Thursday of the month (provided it's raining in Spain). All of this does
nothing to prevent any future reoccurrences of the same threats and is
of academic interest - if you're writing a paper on worm propagation
techniques or a book about "The 1001 funniest virus subject lines".
all curious beings, but having my mom know the subject lines of the 5
viruses does nothing to prevent her from opening attachments or being
infected by Blaster.

We need to change our mindsets fundamentally and approach these threats
a different angle. Instead of playing archeologists that are uncovering
dinosaur bones and detailing their ridges we need to become bio
who analyze DNA mutation patterns and create strains of tomato plants
can endure cold winternights. It is essential that we invest serious
and money into analyzing and matrixing the common attack, spread and
infection vectors of the threats that our corporate networks and public
infrastructure encounter, and that we use that knowledge to create
counteractions and proactive threat mitigations that can hinder the
spread or impact of generic types of threats - in advance.

This is not just a philosophy but a viable approach to applicable
We at PivX Solutions have been preaching Proactive Threat Mitigation for
quite some time now. I have been speaking about it at conferences (blame
canada), the panel members understood it when we explained it at the
National Cyber Security Summit and we integrated our initial efforts
Qwik-Fix which prevented dozens of threats in Q4 2003 (MiMail,lots of IE

I think we can all get lost in specifics from time to time, which is why
is important to remember that real security is all about risk management
how much time and money do we want to invest in lowering the inherent
to an acceptable level? It is only when we start diverting those
away from reactive solutions, such as antivirus that have not hindered
major virus outbreak but even created the far worse problem of AV
notifications, and towards proactive appliances and proper risk
that we can minimize our risk and shorten our window of exposure to

> With spam and mass mailers clogging the tubes, causing us all to
> waste money on bigger tubes, as well as our time dealing with the
> annoyance (more money), shouldn't the problem be solved there
> (at the main tubes themselves) rather than at the end user's desktop?
> They are right, it isn't currently demanded of them.

ISPs and peering points should seriously consider the development and
implementation of technologies that can unintrusively and anonymously
threats and filter packets that meet certain risk criteria, before
governmental agencies wake up and start addressing the issue by
and law that will inevitably limit their control of private property.

[0] original post


Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
