mailing list archives
Re: MS Anti Virus?
From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Jun 2004 16:48:10 -0400
On Fri, 18 Jun 2004 06:30:55 +1200, Nick FitzGerald <nick () virus-l demon co uk> said:
Valdis.Kletnieks () vt edu wrote:
Naah.. They'd never use an undocumented API to benefit their product at the
expense of the competition, would they? ;)
In this case, no.
Given that a lot of AV technical work is reverse engineering and that
most of the best AV reversers are not among those MS "acquired" from
RAV or who have joined MS from other AV developers subsequently (not
that they haven't got some very good reversers, just there are still an
awful ot of them elsewhere), I doubt even MS is stupid enough to
consider trying something like this.
You're forgetting that in this case, technical excellence fall behind marketing
and treachery in importance....
You don't think that the MS reverse engineers couldn't do better, if they had
an API that would tell them the exact footprints associated with a known
Remember that the BugBear virus used an undocumented API to snarf
all the passwords: http://www.extremetech.com/article2/0,3973,582176,00.asp
You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?
Now consider all the cases where Microsoft has shipped a half-working patch
that closes some cases but not others - could that be a case of "we intentionally
shipped half the patch because we're going to let our AV software in on the secret
sauce so it can install the OTHER half of the patch"? :)
Re: MS Anti Virus? Valdis . Kletnieks (Jun 17)
Re: MS Anti Virus? Ben Timby (Jun 18)
Re: MS Anti Virus? Valdis . Kletnieks (Jun 18)
MS Anti Virus? http-equiv () excite com (Jun 16)
MS Anti Virus? Robert Michael Slade (Jun 17)
Re: MS Anti Virus? DAN MORRILL (Jun 17)