On Fri, 18 Jun 2004 06:30:55 +1200, Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx> said: > Valdis.Kletnieks@xxxxxx wrote: > > > Naah.. They'd never use an undocumented API to benefit their product at the > > expense of the competition, would they? ;) > > In this case, no. > > Given that a lot of AV technical work is reverse engineering and that > most of the best AV reversers are not among those MS "acquired" from > RAV or who have joined MS from other AV developers subsequently (not > that they haven't got some very good reversers, just there are still an > awful ot of them elsewhere), I doubt even MS is stupid enough to > consider trying something like this. You're forgetting that in this case, technical excellence fall behind marketing and treachery in importance.... You don't think that the MS reverse engineers couldn't do better, if they had an API that would tell them the exact footprints associated with a known vulnerability? :) Remember that the BugBear virus used an undocumented API to snarf all the passwords: http://www.extremetech.com/article2/0,3973,582176,00.asp You really expect us to believe that the M$ AV team won't leverage off the fact that they could know about that API, and all the others in Windows? Now consider all the cases where Microsoft has shipped a half-working patch that closes some cases but not others - could that be a case of "we intentionally shipped half the patch because we're going to let our AV software in on the secret sauce so it can install the OTHER half of the patch"? :)
Attachment:
pgp00041.pgp
Description: PGP signature