[funsec] ? - I don't know where to send this one, so I'm sending
i t here...
Blue Boar
BlueBoar at thievco.com
Thu Nov 3 13:04:45 CST 2005
Drsolly wrote:
> Certainly when I was in the AV field, a signature-based scanner was the
> most cost-effective way of using a bunch of computers in a world that
> included viruses. That was true, because it took months, even years, for
> malware to spread.
Also don't forget that it's very important to identify things
specifcally, by name. So signatures aren't going away anytime soon, I
imagine.
I wouldn't want my AV software to (just) say "Hey, we found something
bad. We stopped it. Probably. Here's the file if you want a look."
And then I spend 8 hours analyzing just another Bagle. As an end-user,
I mean. Not as an AV employee. You guys still have to analyze just
another Bagle for me. ;)
BB
More information about the funsec
mailing list