Monday, September 03, 2007

On Obscure References

Tom Liston reveals himself as a fellow Wilson fan in his blog post "Immanentize the Eschaton." The post is yet another kick in the general direction of signature-based anti-malware. However, I actually happen to think that what he observed was behavior-based detection working as it should ...

1 comment:

kurt wismer said...

from the description it cannot be behaviour-based detection... behaviour-based detection requires the subject to behave... files that are just sitting on a usb drive don't do anything until they're run, and the way he put it, it wasn't running...

frankly, i think it was signature-based detection working as it should... one can argue that a signature should never have been generated for it but since anti-malware vendors have to deal with incompetent testers who use things like eicar and spycar in comparative reviews they have no choice but to add signatures for it...

i predicted signatures for spycar would be added to signature-based products before spycar was even released, so it doesn't surprise me in the least that that has actually happened... i am a little surprised that others think there's anything remarkable (in a good or bad way) about it though...

Dr Anton Chuvakin