Dailydave mailing list archives

Re: Going against the Gradient


From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Tue, 22 Jan 2008 23:42:20 +0100

Jared DeMott wrote:
| Dave Aitel wrote:
|> I posted a quick paper which I wrote for a private newsletter that
|> went out in December. Quicky link is here:
|> http://www.immunityinc.com/downloads/GoingAgainstTheGradient.pdf
|> http://www.immunityinc.com/downloads/GoingAgainstTheGradient.odt
|>
|> -dave
|>
| Dave my man.  I agree that security is an arms race for signature
| based products.

I don't think Dave said it was an arms race. To me it sounded as if it
were a *waste of time*, which, BTW, I fully agree with.

Arms races result in advancing the technology, usually on both sides --
this cannot be seen in the AV products nor in the malware used in the wild.

Alex will probably not agree with me here, arguing that some new Russian
malware creations have plenty of cool new features -- true, but those
new features do not change the battlefield in any way -- they are more
like having yet another 2 speakers in your car audio system, which already
has had 9 of them ;)

| Though should we throw out the baby with the dirty water?  Is no
| firewall, VLANs, route filtering, IDS, AV, central
| management/logging, etc better than a lame one?

Bingo!

| Security's not such a lost cause - it's just as challenging as ever!
|

"Security is a constant challenge", "never ending process", etc.,
blablabla... There can be a Challenge and a challenge. One results in
some progress, while the other only in pseudo-progress.

The introduction of a few new security(?) mechanisms in Vista, e.g.
UAC, Driver Signature Enforcement and Kernel Patch Protection, is another
example of a pseudo-bar-raising arms race. Unlike some anti-exploitation
mechanisms (e.g. ASLR, DEP), those do not make it even a bit harder for
the bad guys to get their malware installed. Everybody knows how to
cheat them and MS is not doing anything about it (I know they keep
updating Patch Guard, and we all know that it's not changing anything).

joanna.
ps. No, I don't think that the whole A/V industry should die -- they
should just transition into a different role. (I keep promising myself
to write an article about it...)