On Mon, 03 Nov 2008 09:05:45 EST, "Memisyazici, Aras" said: > * cost of maintaining a team of clued -IT prof.'s who will create/update a > central db of sig's on extreme hardware by cooperating with other vendors who > will deliberately shoot down attempts b/c such a product will drive down their > sales (not everyone cares for the greater good, in today's greedy society) Actually Russ - you're not quite right on this one. Down in the trenches, the various A/V techies *do* cooperate across company boundaries an awful lot - although actual signatures aren't much use to exchange because the engines that interpret them are proprietary and dissimilar, samples get exchanged *all* the time (where do you *think* all those samples that get sent to virustotal.com go? :), and hints/suggestions of what they've managed to RE of the sample's structure and behavior - "Hey, it's using the WizBang packer, and you probably wanna look at this registry entry, and...." Think for a moment: how come Symantec can release a pattern only 3 hours after they see the first sample - and they already know what their competitors are calling the critter?
Attachment:
pgpJWjTdi_tCP.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/