> Right on, Larry.

Not really. Though some of the problems I have with the review could be said to be WLO's fault, for failing to have its web site and documentation keep pace with where it is these days. The WildList's deficiencies are well-known, but being addressed (albeit with terrifying slowness...) But the list itself is less outdated than the accompanying explanations, IMHO.

> Failure to find all malware in the famous WildList can cause
> an anti-malware product to fail VB100 certification.

True. Because the list -is- behind the curve, it's not at all unreasonable for a WL-focused test to expect 100% detection. How much weight a potential customer should give that particular test is open for debate. :)

If the case Larry quoted (W95/Dupator.1503) is really still in the wild, it should be on the list. If it isn't, it shouldn't, according to WLO's own terms of reference, which would entail a minor blemish on the VB100 certification. But would you be comfortable with a scanner missing a sample nearly a decade old?

There -is- a longstanding debate about whether long-gone malware still needs to be detected, but it's actually fairly academic. As long as there are comparative and certification tests still extant that include DOS executables, batchfile Trojans and so on, scanners will have to detect those samples or lose competitive advantage. Compared to that, one questionable entry on the WildList isn't very significant.

In any case, we don't generally insist on detecting only viruses that are known to be active or potentially active on currently supported, whatever certifying organizations do. If we did, we'd catch grief for that, too.

One compromise would be for scanners to have some sort of "recent malware only" switch. But I can see a -lot- of problems with that.

> Sometimes this is scandalous as when Microsoft's OneCare
> failed WildList testing last year
> <http://www.pcmag.com/article2/0,1895,2094219,00.asp> to
> widespread derision.

Scandalous? That's rather an overstatement if you look at the original comparative review, rather than interpretations of the results by the media et al. And I speak as someone who works for a competitor. :)

> In fact, insiders in the anti-virus industry, especially
> vendors, are widely derisive of the WildList, looking on it
> as an outdated burden on their development. The malware in it
> is outdated and not representative of the true threats facing users.

This is misleading. But I've already commented on that.

--
David Harley

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
