|
Full Disclosure
mailing list archives
Re: Securing our computers?
From: Valdis.Kletnieks () vt edu
Date: Mon, 03 Nov 2008 09:46:09 -0500
On Mon, 03 Nov 2008 09:05:45 EST, "Memisyazici, Aras" said:
* cost of maintaining a team of clued -IT prof.'s who will create/update a
central db of sig's on extreme hardware by cooperating with other vendors who
will deliberately shoot down attempts b/c such a product will drive down their
sales (not everyone cares for the greater good, in today's greedy society)
Actually Russ - you're not quite right on this one. Down in the trenches,
the various A/V techies *do* cooperate across company boundaries an awful
lot - although actual signatures aren't much use to exchange because the
engines that interpret them are proprietary and dissimilar, samples get
exchanged *all* the time (where do you *think* all those samples that get
sent to virustotal.com go? :), and hints/suggestions of what they've managed
to RE of the sample's structure and behavior - "Hey, it's using the WizBang
packer, and you probably wanna look at this registry entry, and...."
Think for a moment: how come Symantec can release a pattern only 3 hours
after they see the first sample - and they already know what their competitors
are calling the critter?
Attachment:
_bin
Description:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Securing our computers?, (continued)
| 
Intro
