Posted Apr 10, 2006 9:13 UTC (Mon) by copsewood (subscriber, #199)
They have enough trouble keeping up with malware supplied by cracker-culture conformant black hats. When people who looked like white hats suddenly behaved like black hats, this exploited a blind spot which got such malware under the AV radar for a while. This is not an entirely new problem for the AV community. What is the difference between remote control programs which are malware (e.g. Back Orifice) and those which are legitimate but very unobtrusive to the machine being remotely controlled in normal use? I think the best answer I can give to this is based on the assumed intentions of the suppliers of such products. This criterion is also going to be very unsatisfactory from the POV of the AV community, who would naturally want to be able to use less subjective criteria, but what alternatives do they have? This kind of problem is why Windows AV or Linux rootkit scanners can only ever be a small part of an overall security solution.