Thursday, January 12, 2012

CPE: McAfee AudioParasitic: Episode 2: term "anti-virus"

length: 00:20:48

discussion with Craig Schmugar

news article some weeks ago.. AV is dead.. :)

why do we still see the term AntiVirus when what we usually see is either a Trojan or a Bot???

Anti-Virus – is an attempt to strike a balance – if we change the term, people might not understand..
I Love You virus – people know that one and have that frame of reference..

Term: blended threat – sexy term.. it was not a new concept… but it was a buzzword..

Virus kinda stood the test of time. Other terminology comes and goes..

As a product – AV is the core technology..

People use the term virus as the terminology for all malware – downloader, trojan, bot..

You hear researchers say: virus = self-replicating code..
Trojan is something very different

By definition – a trojan is more severe.. that was the case in the past, but now mass-mailing malware carries a trojan too… the end result is the same..

People think that with Vista, AV is useless :)

AV is very reactive – it does not stop you from getting a virus..

Heuristic detection and generic detection have not been marketed very well… people are not aware of them

Some years ago – there was an anti-spyware movement.. it was a simple hash mechanism…

Signature-based detection is dying; the move is toward heuristic-based detection

Continuing the episode 1 discussion with Joe Telafici & Kevin Beets

Snort is benefiting from information disclosure

Fitch: I have said for years that my product requirements are written by malware writers!!!
I don't really have much of a choice..
People pretty much expect 100% detection..

it's kinda a double-edged sword.. we have known about rootkits for a long time – but not until there was a rootkit in the wild could we get the justification to add more anti-rootkit development.

The fact that people are making a living out of malware has created better malware toolkits..
All these business models are built around these activities: spammers – bot guys – selling exploits – dropping spyware..

Are we really giving them more ideas on features…
Dave: no – because they are more focused on making money…
Fitch: they tend to make it as simple as possible to get money.. but the more difficult we can make it for them – the further they go.

Where must the line be drawn:
Malware must not be shared
Vulnerabilities or anything that helps to protect should be disclosed.
Allowing it to be disclosed gives vendors an incentive to patch
Not opposed to full disclosure when responsible disclosure does not work..
Dave is OK with that answer..

Our job – give top-notch protection & give as much information as possible without causing more problems..
It is really on a case-by-case basis…
Sometimes it may be appropriate – sometimes it is not..

