[funsec] standards status in the industry - opinion?
Drsolly
drsollyp at drsolly.com
Sat Jan 7 18:10:08 CST 2006
On Sun, 8 Jan 2006, Gadi Evron wrote:
> > I agree 100%. Purely signature-based scanning that proved able to
> > detect all the WMF exploits out there would produce scores of FPs. It's
> > yet another example of why sig scanning is broken.
> >
> > When I said we were setting our standards too low on AV, I didn't mean
> > that I wanted the AVers to just produce better sigs. Better technology
> > is one of the things AV needs as well. We've set our standards *FAR*
> > too low there, and are still allowing AVers to ram this terrible,
> > decades-old technology down our throats.
>
> I disagree on a part of what you say.
>
> If AV-ers could make better detection, they would. They are no slackers.
>
> The fact that the marketing part of the business keeps sticking that
> same solution down our throats is indeed the truth, and it is no longer
> adequate and research should proceed in other fields as well.
>
> Our industry likes old and stable though. It fits well in budget requests.
I can tell you that in 1988, signature-based scanning was not "old and
stable".
A replacement for this is possible, and I think I can even see how to do
it. But it's someone else's turn to implement it.
More information about the funsec
mailing list