Disclaimer: the views expressed here are my own, and unless expressly stated, do not necessarily represent the views of any former or current employer.
Automated security analysis is good for dealing with a large flux of (possibly) malicious files; however, information resulting from these types of sources must be clearly marked as such (as opposed to information derived by humans). Example:
In a malware description from TrustedSource we find the following lines (emphasis added):
C:\autorun.inf This is a non malicious text file with the following content:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(&0)
Clearly this is one of those simplistic "infect USB drives" type of malware, and the autorun.inf file is a key component of it. While it is not harmful in itself, it should clearly be removed (an analogy might help: let's say that a piece of malware is composed of an executable and a DLL which it loads. The DLL itself is not active unless the executable loads it, but it should still be marked and removed).
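An added example, not part of the original post or of TrustedSource's tooling: a small Python triage check that would keep an automated report from labelling this file "non malicious". It parses the [autorun] section and flags launch keys that point at executables; the verdict names and the list of hidden folder names are assumptions made for the illustration.

```python
import re

# Keys in an [autorun] section that make Windows launch something.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folders normally hidden from the user in Explorer (assumed heuristic list).
HIDDEN_DIRS = re.compile(r"(^|\\)(recycled|recycler|\$recycle\.bin)\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section only."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries


def triage(text):
    """Return (verdict, findings); verdict names are assumptions:
    'suspicious' = launches an executable from a hidden folder,
    'launcher'   = launches an executable from elsewhere,
    'inert'      = no launch key points at an executable."""
    findings = []
    for key, value in parse_autorun(text):
        if LAUNCH_KEYS.match(key) and EXECUTABLE.search(value):
            findings.append((key, value, bool(HIDDEN_DIRS.search(value))))
    if any(hidden for _, _, hidden in findings):
        return "suspicious", findings
    return ("launcher" if findings else "inert"), findings


# The autorun.inf content quoted in the description above.
SAMPLE = r"""[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(&0)
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```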
In conclusion: automatically generated information is good, but please do mark it as such. And also: in the name of science, question everything: