[112379] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Death of antivirus software imminent

daemon@ATHENA.MIT.EDU (Dan Kaminsky)
Fri Jan 4 17:22:28 2008

Date: Fri, 04 Jan 2008 09:42:11 -0800
From: Dan Kaminsky <dan@doxpara.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
CC: dan@geer.org, cryptography@metzdowd.com
In-Reply-To: <20080103232333.10bfe354@cs.columbia.edu>


> Crypto solves certain problems very well.  Against others, it's worse
> than useless -- "worse", because it blocks out friendly IDSs as well as
> hostile parties.
>
>   
Yawn.  IDS is dead, has been for a while now.  The bottom line discovery
has been that:

1) Anomaly detection doesn't work because anomalies are normal, and
2) Unless you're scrubbing up and down the application and network
stacks, you just have no idea what the host endpoint is parsing.

At the point where crypto shows up, it's already too late.

--Dan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post