[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <74343.1225723569@turing-police.cc.vt.edu>
Date: Mon, 03 Nov 2008 09:46:09 -0500
From: Valdis.Kletnieks@...edu
To: "Memisyazici, Aras" <arasm@...edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Securing our computers?
On Mon, 03 Nov 2008 09:05:45 EST, "Memisyazici, Aras" said:
> * cost of maintaining a team of clued -IT prof.'s who will create/update a
> central db of sig's on extreme hardware by cooperating with other vendors who
> will deliberately shoot down attempts b/c such a product will drive down their
> sales (not everyone cares for the greater good, in today's greedy society)
Actually Russ - you're not quite right on this one. Down in the trenches,
the various A/V techies *do* cooperate across company boundaries an awful
lot - although actual signatures aren't much use to exchange because the
engines that interpret them are proprietary and dissimilar, samples get
exchanged *all* the time (where do you *think* all those samples that get
sent to virustotal.com go? :), and hints/suggestions of what they've managed
to RE of the sample's structure and behavior - "Hey, it's using the WizBang
packer, and you probably wanna look at this registry entry, and...."
Think for a moment: how come Symantec can release a pattern only 3 hours
after they see the first sample - and they already know what their competitors
are calling the critter?
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists