[funsec] another VX site?

Nick FitzGerald nick at virus-l.demon.co.uk
Sun Jan 8 15:41:56 CST 2006 

Drsolly to me:

> > Of course, whether an AV product _need_ detect, or need deetct _and 
> > inform the user_, of the precise variant when, despite the malwares' 
> > program logic and/or expression differences, their _effective 
> > behaviour_ is the same, is another question.  AV uber-purists have 
> > (mostly) always aimed for "exact identification" whereas others have 
> > tended to go for "if the functionality is about the same such that 
> > disinfection is the same we need not be too fussy about identifying 
> > precise variants" and a few have always been so sloppy that it matters 
> > not what they call something as half its detects are guaranteed to be 
> > entirely unrelated and some/many not even malware (for example, some AV 
> > -- I forget which offhand -- has a generic "unwanted file" or similar 
> > detection for _any file_ it does not have more precise identification 
> > of that is packed with FSG).
> 
> Internally, though, if the product is going to do repair, then exact 
> identification is extremely important. I agree, you don't need to tell the 
> user that it's jerusalem.h or jerusalem.m if those have the same payload, 
> but there's not big downside in displaying that info.

Some would still argue (and have implemented their products thus) that 
that level of detection is not always necessary, _even when you are 
doing repair/disinfection_.  For parasitic malware it is understandable 
that you should need as precise detection as possible, but with so much 
of today's malware being either non-replicative (Trojan, adware, 
spyware, "hacking tool", etc, etc) or monolithic replicators, where the 
"repair" is "delete the file and its associated registry entries", some 
have become fairly keen on "close enough is good enough" for their 
detection capabilities (dressed up for marketing under fancy-sounding 
names like "generic detection", "advanced heuristics" and so on...).

> > > Just called my sisters wife, ...
> > 
> > It's not germane to this conversation, but I was not aware lesbian 
> > marriage was possible/legal anywhere in the US...
> 
> Maybe they got married in the UK, where we now have same-sex "Civil
> union", which is (loosely) called "marriage".


Or here -- NZ has had such civil unions for about a year (??) now...


Regards,

Nick FitzGerald

More information about the funsec mailing list