On Mon, 2 Jun 2008, Bruce Ediger wrote:

> Apparently from:
>
> http://www.eweek.com/c/a/Security/The-AntiMalware-Certification-Problem/
> ...
> > In fact, insiders in the anti-virus industry, especially vendors, are
> > widely derisive of the WildList, looking on it as an outdated burden on
> > their development. The malware in it is outdated and not representative
> > of the true threats facing users.
>
> Wait, the "wild" list does not represent the true threats facing users
> in the real wild? Why not? It's the "wild" list, right?
>
> Given the amount of footdragging that led up to the "wildlist" shouldn't the
> users get a replacement before it goes away? I mean, really, the AV people
> would have made more progress early on if they'd had something like the
> "wildlist" wouldn't they?

No. Every AV company had, as target, to detect *all* viruses, irrespective
of whether it was known to be in the wild or not. The wildlist was mostly
of use to consumers to help them avoid poor AV products.

> Back in the days when boot-sector viruses like Brain were the main threat,
> getting an idea of the geographic dispersion would have helped the AV folks to
> decide what the methods of propagation were, right?

No. Because we already knew. You leave an infected data disk in drive A
when you boot up.

> Local outbreaks might mean
> sharing MS-DOS boot disks. International simultaneous outbreaks might mean
> "BBS" distribution, or someone typed in a virus from Burger's or Ludwig's
> books.

The viruses from Burger's book were very poor replicators. Only Vienna was
seen at all in the wild, and that not very often. This is because it
wasn't a memory-resident replicator. The other Burger viruses were even
worse.

> Instead of stabbing each other in the back to make a buck, the AV companies

I don't think we ever did that. Actually, there was quite a lot of
cooperation between the techies (and I guess there still is).

> could have put together something that would have helped everyone, instead of
> merely extracting money from the pockets of the most fearful and
> superstitious.

No, we were extracting money from people who had, mostly, already had an
encounter with a virus, and didn't want another one.

> But I guess that wouldn't have been as much fun as telling people to "Practice
> Safe Hex" or some other dumb catchphrase. They should have told people to run
> linux, or netbsd or OS-9 or NeXTStep. That would have helped more than "Safe
> Hex".

Telling people to "Practise safe Hex" was, I agree, pretty useless.
Telling people to switch their operating system (or change their computing
platform), and change all their application software, would have been even
more useless.
