Message-ID: <200406172048.i5HKmAca031906@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: MS Anti Virus? 

On Fri, 18 Jun 2004 06:30:55 +1200, Nick FitzGerald <nick@...us-l.demon.co.uk>  said:
> Valdis.Kletnieks@...edu wrote:
> 
> > Naah.. They'd never use an undocumented API to benefit their product at the
> > expense of the competition, would they? ;)
> 
> In this case, no.
> 
> Given that a lot of AV technical work is reverse engineering and that 
> most of the best AV reversers are not among those MS "acquired" from 
> RAV or who have joined MS from other AV developers subsequently (not 
> that they haven't got some very good reversers, just there are still an 
> awful lot of them elsewhere), I doubt even MS is stupid enough to 
> consider trying something like this.

You're forgetting that in this case, technical excellence falls behind marketing
and treachery in importance....

You don't think that the MS reverse engineers couldn't do better, if they had
an API that would tell them the exact footprints associated with a known
vulnerability?  :)

Remember that the BugBear virus used an undocumented API to snarf
all the passwords: http://www.extremetech.com/article2/0,3973,582176,00.asp

You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?

Now consider all the cases where Microsoft has shipped a half-working patch
that closes some cases but not others - could that be a case of "we intentionally
shipped half the patch because we're going to let our AV software in on the secret
sauce so it can install the OTHER half of the patch"?  :)