Security Incidents
mailing list archives
RE: strange windows behaviour.
From: "Harley David" <david.harley () nhsia nhs uk>
Date: Fri, 10 Oct 2003 09:18:56 +0100
Interesting paper, which I hadn't come across before.
Two points:
* AV vendors do actually analyse malicious code, they
don't just extract a signature. If a vendor acquired
a sample that showed the kind of behaviour you describe,
they would hopefully feel obliged to take it into account
in their detection and disinfection routines. And I think
you'll find that even vendors that don't scan streams at
present will have spent enough time on the issue to be able
to when and if they need to.
* AV is not (primarily) signature based, and hasn't been for
many years. Slim code content is not enough to evade
virus-specific detection.
--
David Harley
Threat Assessment Centre Manager
Anti-Virus/Email Abuse Specialist
NHS Information Authority