Monday, September 04, 2006

Second Coder Wins

I subscribe to the school of thought that says the second coder always wins. By that, I mean that after you write your "undetectable" rootkit, someone will analyze it, and find a way to detect it. If your malware kills all the protection mechanisms on a victim, then the AV vendors will recode their apps so that the technique you used to kill them no longer works. IDS vendors will find a way to detect your IDS evasion, and so on.

Exceptions: Crypto might be an exception, though I've been surprised by the number of crypto algorithms that have fallen in recent years.
