From: Joanna Rutkowska (joannainvisiblethings.org)
Date: Tue Jan 22 2008 - 16:42:20 CST
Jared DeMott wrote:
| Dave Aitel wrote:
|> I posted a quick paper which I wrote for a private newsletter that
|> went out in December. Quicky link is here:
| Dave my man. I agree that security is an arms race for signature
| based products.

I don't think Dave said it was an arms race. To me it sounded as if it
was a *waste of time*, which, BTW, I fully agree with.

Arms races result in advancing the technology, usually on both sides --
this cannot be seen in the AV products nor malware used in the wild.
Alex will probably not agree with me here, arguing that some new Russian
malware creations have plenty of cool new features -- true, but those
new features do not change the battlefield in any way -- they are more
like having yet another 2 speakers in your car audio system, that already
has had 9 of them ;)

| Though should we throw out the baby with the dirty water? Is no
| firewall, VLANs, route filtering, IDS, AV, central
| management/logging, etc better than a lame one?
| Security's not such a lost cause - it's just as challenging as ever!

"Security is a constant challenge", "never ending process", etc,
blablabla... There can be a Challenge and a challenge. One results in
some progress, while the other only in pseudo-progress.

Introduction of a few new security(?) mechanisms in Vista, like e.g.
UAC, Driver Signature Enforcement and Kernel Patch Protection is another
example of a pseudo-bar-raising arms race. Unlike some anti-exploitation
mechanisms (e.g. ASLR, DEP), those do not make it even a bit harder for
the bad guys to get their malware installed. Everybody knows how to
cheat them and MS is not doing anything about it (I know they keep
updating Patch Guard, and we all know that it's not changing anything).

ps. No, I don't think that the whole A/V industry should die -- they
should just transition into a different role. (I keep promising myself
to write an article about it...)
Dailydave mailing list