OK, last try to convince you... :) > It's not a bug, it's a design property of such ssystems
In other words: it is a design error (feature). As I point out my whitepaper, the "changed" viruses STILL detected with the SAME signature. And then, "a magic" - you change the FIRST byte to anything and the virus is detected, but when you change to "M" (exe magic byte) - the AV fails.What is your conclusion? Regards, Andrey Bayora. ----- Original Message ----- From: "Florian Weimer" <[EMAIL PROTECTED]> To: "Andrey Bayora" <[EMAIL PROTECTED]> Cc: <debian-security@lists.debian.org> Sent: Thursday, November 03, 2005 11:25 PM Subject: Re: clamav and magic byte > * Andrey Bayora: > > >> "...Andrey Bayora just describes one way to create new viruses, there are > > countless others." > > > > Please, read http://www.securityelf.org/magicbyteadv.html - there > > are 13 CVE numbers issued for this BUG. > > Often, CVE numbers are assigned because vendors release updates, not > to bless a bug in some way. > > > If it is not - why AV vendors issues patches for this "issue"? > > Apparent inaction (leading to a potential loss in market share) is > more expensive than pushing out updates to customers, it seems. > > > The "new viruses" opinion comes mostly from AV companies that did not want > > to believe that their AV has such trivial BUG. > > It's not a bug, it's a design property of such ssystems. > > To be clear, the issue you point out is real, but this is the > fundamental problem with client-side antivirus software: It can only > detect things which haven't been specifically crafted to go > undetected. Since (most?) signatures are publicly available, it's > pretty easy to tweak your malware until it passes popular scanners. > > In this round of Core Wars, the piece of software which was written > last almost always wins. > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
