[Dailydave] Security FAIL.
Florian Weimer
fw at deneb.enyo.de
Sat Apr 5 17:05:28 EDT 2008
* Dave Aitel:
> http://blogs.the451group.com/security/?p=16
>
> The 451 Group has an interesting article on the FAIL that is the AV
> industry right now. I like the last paragraph especially where they
> reference the "illusion of competence". As they note, having a better
> metric to test the AV industry (like number of people with it installed
> who get owned by malware) would largely benefit consumers as a whole. I
> wouldn't look for anything here soon.
There is a general insistence in the AV industry to test only malware
which is a few weeks old. In testing, you also get sort-of competitive
performance with MD5-based checking, even if the malware in question is
made MD5-unique before actual deployment.
I'm not sure if it's a problem for the AV companies, though. Their
brands are quite strong, and the policies that guarantee them a steady
revenue stream are well-enshrined industry-wide. Certainly it's not
going to affect them in the current CEO cycle, and that's why they
aren't dealing with it aggressively. But I agree that we're heading
towards a profound change in technology and business models.
More information about the Dailydave
mailing list