[112379] in cryptography@c2.net mail archive
Re: Death of antivirus software imminent
daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Fri Jan 4 17:22:28 2008
Date: Fri, 04 Jan 2008 09:42:11 -0800
From: Dan Kaminsky <dan@doxpara.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
CC: dan@geer.org, cryptography@metzdowd.com
In-Reply-To: <20080103232333.10bfe354@cs.columbia.edu>
> Crypto solves certain problems very well. Against others, it's worse
> than useless -- "worse", because it blocks out friendly IDSs as well as
> hostile parties.
>
>
Yawn. IDS is dead, has been for a while now. The bottom line discovery
has been that:
1) Anomaly detection doesn't work because anomalies are normal, and
2) Unless you're scrubbing up and down the application and network
stacks, you just have no idea what the host endpoint is parsing.
At the point where crypto shows up, it's already too late.
--Dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com