[funsec] another VX site?
drsollyp at drsolly.com
Sun Jan 8 16:40:29 CST 2006
On Mon, 9 Jan 2006, Nick FitzGerald wrote:
> Some would still argue (and have implemented their products thus) that
> that level of detection is not always necessary, _even when you are
> doing repair/disinfection_. For parasitic malware it is understandable
> that you should need as precise detection as possible, but with so much
> of today's malware being either non-replicative (Trojan, adware,
> spyware, "hacking tool", etc, etc) or monolithic replicators, where the
> "repair" is "delete the file and its associated registry entries", some
> have become fairly keen on "close enough is good enough" for their
> detection capabilities (dressed up for marketing under fancy-sounding
> names like "generic detection", "advanced heuristics" and so on...).
How will you know which (for example) register entries to delete unless
you hav an exact identification? Or which other files?
The nightmare scenario is, malware that resumbles something else, but when
you remove it as if it were that thing, that leaves behind a SOMETHING,
which notices the bungled removal, triggers and ...
Which leaves you with "OK, I had a malware, but my computer was working
fine until I ran your product, which TRASHED it!"
> > > > Just called my sisters wife, ...
> > >
> > > It's not germane to this conversation, but I was not aware lesbian
> > > marriage was possible/legal anywhere in the US...
> > Maybe they got married in the UK, where we now have same-sex "Civil
> > union", which is (loosely) called "marriage".
> Or here -- NZ has had such civil unions for about a year (??) now...
I expect the yanks will copy us soon.
More information about the funsec