[funsec] Anti-Virus Testing and Consumer Reports
nick at virus-l.demon.co.uk
Tue Aug 29 21:10:59 CDT 2006
> I'm really surprised that neither Paul nor David knew that this repository
> already exists, and is shared by the AV vendors, on a vetted basis.
You're surprised that really, really bright and clearly intelligent
folk who know virtually nothing about what they're now talking about
might miss something so fundamental?
Wow -- and I thought you were one of the smart cookies in all this...
To quote from the referenced article:
[Anti-virus companies] have to understand that if they hoard [new
malware samples], then they're going to be lonesome.
What part of multi-gigabytes per month per vendor sample distributions
does the above statement align with?
No offense to David or Paul, but the samples you are seeing at any
given moment are no more or less the most important samples for any
other vendor or victim than those you are not only not seeing at this
moment, but will never see. The solution to that is "eventually" all
these samples will be shared and distributed, but even then, they will
not be instantly processed and detection added as there are yet further
resource constraints on the vendors. Thus, even if all samples could
be got to every vendor instantly, the detection scenario would likely
not change much, so we have a solution looking for a problem...
More information about the funsec