Full Disclosure mailing list archives

RE: Show me the Virrii!


From: Szappanos Gabor (VBuster) <gszappanos () virusbuster hu>
Date: Thu, 8 Jan 2004 09:10:13 +0100

> "Research" isn't what you're doing when you're planning to figure out how to
> stop the *next* new attack by studying the terabytes of examples of how that
> idea didn't stop the attack last time.

No, actually research is finding generic signatures for larger virus/worm
families, generic detection for virus/worm types, implementing emulated
Win32/DOS environment within the virus scanner to analyse the behaviour
of a program. Something like this. Not entirely useless. Recently posted
a couple of links that investigate the efficiency of these methods. The
results are still far from being assuring, but saying that these methods
are useless is ignoring the facts.

> What you're doing there is milking a cash cow rather than finding a new way to
> actually fix the problem right.

Exactly. Like convincing the people that writing and distributing viruses
is a bad thing. But this smells like a flame.

Regards,
Gabor Szappanos
