[funsec] ? - I don't know where to send this one, so I'm sending i t here...

Blue Boar BlueBoar at thievco.com
Thu Nov 3 13:04:45 CST 2005


Drsolly wrote:
> Certainly when I was in the AV field, a signature-based scanner was the 
> most cost-effective way of using a bunch of computers in a world that 
> included viruses. That was true, because it took months, even years, for 
> malware to spread. 

Also don't forget that it's very important to identify things 
specifcally, by name.  So signatures aren't going away anytime soon, I 
imagine.

I wouldn't want my AV software to (just) say "Hey, we found something 
bad.  We stopped it.  Probably.  Here's the file if you want a look." 
And then I spend 8 hours analyzing just another Bagle.  As an end-user, 
I mean.  Not as an AV employee.  You guys still have to analyze just 
another Bagle for me. ;)

						BB


More information about the funsec mailing list