Comments on: Race2Zero Results and Comments http://blog.threatfire.com/2008/08/race2zero-results-and-comments.html ThreatFireâ„¢ AntiVirus protects when others can't Fri, 06 Nov 2009 17:43:38 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: -=[ dxp ]=- http://blog.threatfire.com/2008/08/race2zero-results-and-comments.html/comment-page-1#comment-52 -=[ dxp ]=- Sun, 17 Aug 2008 20:24:00 +0000 http://newblog.threatfire.com/2008/08/race2zero-results-and-comments/#comment-52 Considering the fact that it took several participants several hours to bypass detection on all samples suggests that it is rather easy to evade any AV on any malware sample.<br/><br/>Forget the fact that source code to samples was not available, which it is available in the underground and makes it rather trivial for attackers perform effective evasion.<br/><br/>I think that before the con this contest received a lot of criticism, mainly from AV industry, and just noise in general. However, it appears that post contest attention is rather weak. <br/><br/>The whole contest and results should be publicized with more detail to put some real pressure on the AV guys, or rather their companies, to make better product decisions. Considering the fact that it took several participants several hours to bypass detection on all samples suggests that it is rather easy to evade any AV on any malware sample.

Forget the fact that source code to samples was not available, which it is available in the underground and makes it rather trivial for attackers perform effective evasion.

I think that before the con this contest received a lot of criticism, mainly from AV industry, and just noise in general. However, it appears that post contest attention is rather weak.

The whole contest and results should be publicized with more detail to put some real pressure on the AV guys, or rather their companies, to make better product decisions.

]]>