[87154] in North American Network Operators' Group


Re: Clueless anti-virus products/vendors

daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Dec 7 07:57:06 2005

From: Florian Weimer <fw@deneb.enyo.de>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: "Church, Chuck" <cchurch@netcogov.com>, nanog@merit.edu
Date: Wed, 07 Dec 2005 13:56:29 +0100
In-Reply-To: <20051205040452.6C5B03C0159@berkshire.machshav.com> (Steven
	M. Bellovin's message of "Sun, 04 Dec 2005 23:04:52 -0500")
Errors-To: owner-nanog@merit.edu


* Steven M. Bellovin:

> A-V companies are in the business of analyzing viruses.

Many offer analysis services, but this is done upon special request,
and only if you pay extra.

> They should *know* how a particular virus behaves.

You don't need to know what the virus does in order to detect it with
a file-based signature.  Analysis stops as soon as detection is
possible with sufficient accuracy.  Timebombs and other hidden
functionality go unnoticed (unless the malware is from a well-known
strain which has such features).
