> Every AV company had, as target, to detect *all* viruses, irrespective of whether it was known to be in the wild or not. The wildlist was mostly of use to consumers to help them avoid poor AV products.

Actually, it has virtually no direct relevance to consumers nowadays. Most of the names listed mean nothing unless you have access to the reference collection on which they're based. The collection still has some (limited) use because it's validated, and because it tells you something about a tested product's positioning inside the industry. A bigger collection tells you something different, if you have trust in a tester/collection maintainer's (usually unspecified) validation methodology.

> > Instead of stabbing each other in the back to make a buck, the AV companies
>
> I don't think we ever did that. Actually, there was quite a lot of cooperation between the techies (and I guess there still is).

Of course there is. You can't judge an AV company -entirely- by its press releases. ;-)

> No, we were extracting money from people who had, mostly, already had an encounter with a virus, and didn't want another one.

Actually, customers bear part of the responsibility for the survival of the sig subscription model, despite its serious limitations. They like the (near-)certainty of exact-ish identification, and want it all the time, even though it can't offer anything like 100% detection of all threats. When Krebs rubbishes generic detection, what he really means is that it's no use because it isn't exact ID. Like his audience, he wants exact ID before the fact, irrespective of whether it's actually feasible...

--
David Harley