mailing list archives
Re: MS Anti Virus?
From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Jun 2004 17:50:47 -0400
On Thu, 17 Jun 2004 17:37:11 EDT, Mohit Muthanna said:
You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?
in addition, given that they have the sources to their own OS, i doubt
they really have to do much manual reversing... i'm sure the debugging
tools they have developed over the years would quite easily aid them
in determining precisely what the viruses do and how they do it.
No... you're still not getting it. There's no reverse engineering involved. ;)
Let's pop over to http://www.eeye.com/html/research/upcoming/index.html
Hey look.. http://www.eeye.com/html/research/upcoming/20031007.html is
194 days overdue.. Now, your AV software doesn't have to have *ANY*
reverse engineering for the virus if the operating system and/or AV updates
is whispering in its ear "Anything that does *this* is malware exploiting 20031007".
And at that point, there's no reason to actually ship a *patch*, you just ship
a data file that tells *your* AV that "20031007 exploits look like this" - at which
point you can presumably trap 100% of exploits, and the competition has to
reverse engineer each one... ;)
"Systems protected with M$ AV were 100% safe, while 30% of Brand X users
got whacked while their teams were busy reverse engineering"... Hard to argue
with THAT sales pitch.. ;)
Re: MS Anti Virus? Valdis . Kletnieks (Jun 17)
Re: MS Anti Virus? Ben Timby (Jun 18)
Re: MS Anti Virus? Valdis . Kletnieks (Jun 18)
MS Anti Virus? http-equiv () excite com (Jun 16)
MS Anti Virus? Robert Michael Slade (Jun 17)
Re: MS Anti Virus? DAN MORRILL (Jun 17)