[Reposting at moderators request -bill]
Hi Roger,
I read your article:
http://www.infoworld.com/article/06/09/08/37OPsecadvise_1.html
Well done! Besides pointing out the soft underbelly of the AV
community, you gracefully avoided the controversy of creating new
malware.
The analogy I use when describing defensive computer security, is like
coming home from a Karate class, and demonstrating your latest moves:
"Try to hit my chin. Ow! Slower. No, a little higher. Wait, my foot
wasn't in the right place. Hold on, I wasn't ready. OK, now. With the
other hand! No, you're supposed to let me grab your wrist. You're not
cooperating!"
The old karate demands a cooperative attacker, or at least one that
follows a known set of rules.
Corporate Firewalls were once seen as the ultimate defense, but
intruders were supposed to follow network rules and not hopscotch in
through harmless port traffic, or have the user install something
interesting that connected out to the intruder, and computers were not
supposed to travel out of the network perimeter.
With all due respect the old guard (I'm not that young myself), I wonder
if AV is 'the old karate'. Maybe some of the experts should try out a
few new attacks.
Bill Stout
Disclaimer - "I don't speak for my employer. Some of my evening posts
are accompanied by a glass of whiskey or wine. I don't always pay
attention when I type."
Obligatory political statement - 'No peace for terrorists'
-----Original Message-----
From: Roger A. Grimes [mailto:roger@banneretcs.com]
Sent: Wednesday, September 06, 2006 8:31 AM
To: Paul Schmehl; Bill Stout; Kurt Seifried;
focus-virus@securityfocus.com
Cc: rubin@jhu.edu
Subject: RE: Consumer Reports AV and their 5,500 new variants
I've been doing AV for 20 years now, and supported this basic safety
tenet,
but the Consumer Reports' lab testing incident doesn't bother me.
It had a good AV expert behind the work, tested logical goals that can
only
be tested by creating new malware programs, and was kept controlled. If
it
wasn't done by a professional and if great care wasn't taken to make
sure
they didn't leak, I'd be bothered. But let's be honest, at this point,
the
malware problem is so bad, the AV vendors are so bad at detecting them,
and
so many variants are being created each day, that the original problem
of
something new leaking out, just isn't the priority it used to be.
If I worked for an AV vendor, I'd stop my complaining and get to work on
a
better product. The state of AV protection is as bad as it has ever
been.
I've been reading about the "death of antivirus scanners" for 20 years
now,
but for the first time I think their time is nearing the end, and I say
so
in my Friday column in InfoWorld.
Roger
*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************
-----Original Message-----
From: Paul Schmehl [mailto:pauls@utdallas.edu]
Sent: Wednesday, September 06, 2006 10:21 AM
To: Bill Stout; Kurt Seifried; focus-virus@securityfocus.com
Cc: rubin@jhu.edu
Subject: RE: Consumer Reports AV and their 5,500 new variants
--On Wednesday, September 06, 2006 01:01:39 -0700 Bill Stout
<bill.stout@greenborder.com> wrote:
Indeed, the consensus throughout the antivirus development and testing
community is that creating a new virus or variant for product testing
would be very bad - and totally unnecessary. To do so would
undoubtedly raise questions about their ethics."
Maybe opinions have changed on creating viruses in a closed test lab,
and it's no longer unethical.
I can assure you that within the AVIEN community nothing has changed.
We
are completely oppposed to the creation of viruses in a lab, for many
reasons, all of which we have publicly articulated.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
----------------------------------------------------------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - White Paper
It's as simple as placing additional SQL commands into a Web Form input box
giving hackers complete access to all your backend systems!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CZWl
----------------------------------------------------------------------------
