Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: MS Anti Virus?
From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Jun 2004 17:50:47 -0400

On Thu, 17 Jun 2004 17:37:11 EDT, Mohit Muthanna said:
You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?

in addition, given that they have the sources to their own OS, i doubt
they really have to do much manual reversing... i'm sure the debugging
tools they have developed over the years would quite easily aid them
in determining precisely what the viruses do and how they do it.

No... you're still not getting it.  There's no reverse engineering involved. ;)

Let's pop over to http://www.eeye.com/html/research/upcoming/index.html

Hey look.. http://www.eeye.com/html/research/upcoming/20031007.html is
194 days overdue..  Now, your AV software doesn't have to have *ANY*
reverse engineering for the virus if the operating system and/or AV updates
is whispering in its ear "Anything that does *this* is malware exploiting 20031007".

And at that point, there's no reason to actually ship a *patch*, you just ship
a data file that tells *your* AV that "20031007 exploits look like this" - at which
point you can presumably trap 100% of exploits, and the competition has to
reverse engineer each one... ;)

"Systems protected with M$ AV were 100% safe, while 30% of Brand X users
got whacked while their teams were busy reverse engineering"...  Hard to argue
with THAT sales pitch.. ;)

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]