Friday, April 07, 2006

rebuttal to 'how the anti-virus industry is turning a white hat black'

read the original article here... i'm amazed at the shoddy analysis performed by the author...

first of all, just because someone calls themself a white hat doesn't make it so... the guy put a modified version of a so-called 'rootkit' (we won't go there this time) on the web where anyone can get it... modified in such a way that existing detection routines would fail to find it... how the hell does anyone mistake that for something a white hat would do?...

second, just because he put it on the web doesn't mean it's going to find its way to the anti-virus developers or to anyone else for that matter... the idea that important people will sit up and take notice because you put something on your website is the height of egocentricity (i'm lucky if i get 10 hits a day here, i know i'm not reaching many people)...

third, it was a 'rootkit' not a virus... why do people insist on calling everything bad a virus?

fourth, the reality is that at most the anti-virus companies were given 1 month and 5 days' notice (march 1 to april 5)... now that's still a pretty long time for so many companies to fail to add detection but it's not the 3 months the author was claiming...

should anti-virus companies add detection for this non-virus? probably, since it's now more a matter of defending against malware in general than viruses in particular... is it a high priority? probably not... at least not yet... non-replicating malware rarely becomes as big a threat as the self-replicating variety... i'm sure it'll get added eventually but i'm not too concerned if it has to prove itself as a threat first...
