|
Posted by B. Nice on August 6, 2006, 2:37 am
If you were Registered and logged in, you could reply and use other advanced thread options
>b__nice@hotmail.com says...
>>
>> >> However, there's no reason why Volker's tool should be declared as
>> >> "Security/Privacy Risk", whereas it's more likely the contrary.
>> >
>> >It his tool is using the same exploit then it should be detected or the
>> >anti-malware tools are not doing their job. Why is this so hard for you
>> >to understand?
>>
>> Why is it so hard for you to understand that the intention makes all
>> the difference?
>
>I do understand. Why is it so hard for you to understand that antivirus
>software doesn't understand things like INTENTION.
Of course it does'nt. But humans do. And humans can whitelist specific
programs with specific signatures when those are determined to be
false positives. That is the conclusion one must draw from the
thorough discussion about this topic already made in the beginning of
June between Jason Edwards and yourself in the thread "The coalition
against personal firewalls".
>I personally don't care, that seems to be your comprehension problem. VB
>complained that AV was targeting his POC samples, and it wasn't
>targeting HIS anything, it was targeting something that uses an exploit.
>
>> You are basically saying, that if a malware uses a specific technique
>> for malicious purposes, then every other program using the same
>> technique should also be considered malware.
>
>Yes, if something uses an EXPLOIT it should be considered malware by
>AV/detection tools. If the hole/exploit was a proper method it would not
>be called an Exploit, would it.
Your problem is that a windows API function is neither a hole nor an
exploit
http://en.wikipedia.org/wiki/Exploit_(computer_security)
| 
