Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Backdoor not recognized by Kaspersky
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 04 Mar 2004 14:32:09 +1300

madsaxon <madsaxon () direcway com> wrote:

As Rob Rosenberger has been preaching for years, the most sensible
solution to this problem lies in heuristics, not reactive tactics.
An ounce of prevention has always been worth a pound of cure.

I think heuristics are over-rated for such applications.  To be truly 
effective the false positive rate will be crippling and thus folk will 
stop using such products.

There are other ways to do intelligent prevention that actuually works 
(at least in corporate environments -- SOHO users will largely remain 
the "virus lepers" or be reduced to depending on NGTCB-like approaches, 
making them a different kind of leper).


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]