Hi Roger,
I didn't see your column on the state of AV protection, it's coming this
Friday?
http://www.infoworld.com/archives/t.jsp?N=c&V=Security%20Adviser&F=2002
Besides Paul's affirmation, I've received replies from other signers of
the letter that their ethics haven't changed. The old guard holds that
it's not OK to create malware, even within a closed environment.
We (I) have the challenge of testing a product which provides passive
protection without analysis or signatures or detection. I need to leak
test the 'software membrane' it creates between an application and the
OS (my description, not of the company). Therefore we have a desire to
throw as many possible variants of malware against it as we can get our
hands on, and a story like CR provides ammunition to the execs.
Bill Stout
-----Original Message-----
From: Roger A. Grimes [mailto:roger@banneretcs.com]
Sent: Wednesday, September 06, 2006 8:31 AM
To: Paul Schmehl; Bill Stout; Kurt Seifried;
focus-virus@securityfocus.com
Cc: rubin@jhu.edu
Subject: RE: Consumer Reports AV and their 5,500 new variants
I've been doing AV for 20 years now, and supported this basic safety
tenet,
but the Consumer Reports' lab testing incident doesn't bother me.
It had a good AV expert behind the work, tested logical goals that can
only
be tested by creating new malware programs, and was kept controlled. If
it
wasn't done by a professional and if great care wasn't taken to make
sure
they didn't leak, I'd be bothered. But let's be honest, at this point,
the
malware problem is so bad, the AV vendors are so bad at detecting them,
and
so many variants are being created each day, that the original problem
of
something new leaking out, just isn't the priority it used to be.
If I worked for an AV vendor, I'd stop my complaining and get to work on
a
better product. The state of AV protection is as bad as it has ever
been.
I've been reading about the "death of antivirus scanners" for 20 years
now,
but for the first time I think their time is nearing the end, and I say
so
in my Friday column in InfoWorld.
Roger
*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************
-----Original Message-----
From: Paul Schmehl [mailto:pauls@utdallas.edu]
Sent: Wednesday, September 06, 2006 10:21 AM
To: Bill Stout; Kurt Seifried; focus-virus@securityfocus.com
Cc: rubin@jhu.edu
Subject: RE: Consumer Reports AV and their 5,500 new variants
--On Wednesday, September 06, 2006 01:01:39 -0700 Bill Stout
<bill.stout@greenborder.com> wrote:
Indeed, the consensus throughout the antivirus development and testing
community is that creating a new virus or variant for product testing
would be very bad - and totally unnecessary. To do so would
undoubtedly raise questions about their ethics."
Maybe opinions have changed on creating viruses in a closed test lab,
and it's no longer unethical.
I can assure you that within the AVIEN community nothing has changed.
We
are completely oppposed to the creation of viruses in a lab, for many
reasons, all of which we have publicly articulated.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
