Re: [ISN] Security vendors slam Defcon virus contest

From: InfoSec News (alerts@private)
Date: Tue Apr 29 2008 - 22:22:57 PDT


Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html
: 
: By Robert McMillan
: IDG News Service
: April 28, 2008
: 
: There will be a new contest at the Defcon hacker conference this 
: August, one that anti-virus vendors already hate.
: 
: Called Race-to-Zero, the contest will invite Defcon hackers to find 
: new ways of beating anti-virus software. Contestants will get some 
: sample virus code that they must modify and try to sneak past the 
: anti-virus products.

: Some compared the contest to a controversial 2006 Consumer Reports 
: review of anti-virus software. In that article, the magazine created 
: 5,500 new virus samples, based on existing malware, and was roundly 
: criticized by anti-virus vendors for contributing to the rapidly 
: expanding list of known malware.

As memory serves, they were created in a lab and not made public in any 
fashion.

: With anti-virus vendors already processing some 30,000 samples each 
: day, there's no need for any more samples, said Roger Thompson, chief 
: research officer with anti-virus vendor AVG Technologies. "It's hard 
: to see an upside for encouraging people to write more viruses," he 
: said via instant message. "It's a dumb idea."

I think Roger Thompson firmly states what many professionals have been 
saying for a long time: Anti-Virus as it exists today is an entirely 
reactionary protection mechanism. If AV vendors are really getting 
30,000 new virus/malware samples each day, and they haven't figured out 
how to write signatures that better recognize them, then it really 
drives the point home that they are simply feeding their business model.

AV vendors have no real desire to create more elegant solutions to the 
problem, nor write a better mechanism for detecting viruses. It directly 
threatens their main source of recurring revenue (signature updates). 
I'd be interested in seeing just how often end users with an updated AV 
package installed 'find' new strains of viruses or malware. Surely these 
people are running into them in mail or on web pages, and surely 
heuristic analysis is catching some of the one-off variants, right?





