Congratulations to Virus Bulletin, the journal of the anti-virus industry, which is celebrating its 25th birthday today.
Virus Bulletin, affectionately known to its readers as “VB”, is entering a new era under the stewardship of Martijn Grooten and John Hawes.
The days of having a subscription and receiving a printed copy of the latest VB in the post or a link to its PDF are behind us, and from now on all of Virus Bulletin’s content will be freely available to read on its website.
This is undoubtedly good news for the many out there who are interested in computer security, vulnerabilities, analyses of malware, and discussions of spam techniques.
Hopefully it may encourage even more folks to attend the annual Virus Bulletin conference which leapfrogs around the world each autumn (this year it will be in Seattle).
By the way, the name “Virus Bulletin” is something of a misnomer these days as it is broadening its range far beyond malware (and more recently spam) to cover all areas of computer security.
Nevertheless, there’s lots of good stuff that has been printed in the last 25 years, and I’m delighted to see that Virus Bulletin plans to publish online its extensive archive of articles, stretching back to the good old days of when it used to encourage readers to enter specific hex codes to detect the handful of viruses found each month.
I’m hoping I’ll soon be able to dig out its (somewhat grumpy) write-up of the first professional anti-virus software I ever wrote: “Dr Solomon’s Anti-Virus Toolkit for Windows” which I seem to recall they likened to inflatable bananas and a pair of plastic breasts.
It didn’t have that too many kinds words to say back in late 1992 about the entire concept of a Windows-based anti-virus program to be honest.
Congratulations to the guys at Virus Bulletin – here’s to another 25 glorious years! And don’t worry, I’ve forgiven you for the “inflatable bananas” comment.
"From a security viewpoint it is flawed."
While I know of VB and I remember it from over the years. And while I certainly extend my congratulations on the 25 year anniversary (my congratulations for whatever it may be worth, anyway), I do find that above quote rather funny. I would have thought similar back then although perhaps not as much because there was a lot less to judge by then. But let's be honest. By that point there had already been MBR/BS, multipartite, piggybacking, and probably other techniques (like I don't know, maybe a certain worm known as The Morris Worm and that was abusing multiple attack vectors in UNIX, not Windows, not DOS)…. so it is pretty laughable to suggest that it was a flawed idea. In fact, I question the way they word it. From a security viewpoint it is flawed. Is it not a security product? Then what else could it be flawed in? Okay that's semantics but there's more to it than that. It was one of multiple ways to protect. It is interesting, however, more than laughable: there is never enough foresight. Indeed, even things that are designed with security in mind (which ARPANet was not, the Internet was not, Windows was not, UNIX was not, …) have had flaws and this will always be the case (after all, did a human make it? If yes – which is the case – then what is in the way to stop the reverse or at least brute forced? Nothing but ignorance and/or denial).
So VB is going free. Great.
How are they going to pay the bills going forward?
They're going to make submissions to VB pay for the privilege of being added to the "magazine".
This isn't going to end well.
It is not even a week. Give it some time. I somehow doubt that they consider it a privilege by any means of the imagination (reality or otherwise, dream or not). Indeed, often those who discover malware do not even get a chance to name it let alone provide anything but the actual bug itself. They don't even get named as the person who discovered it (makes sense too: what if THEY wrote it?). Is that really a privilege? I think no – even those who discover flaws in commonly used software get more credit than that (and those who submit a patch to add new functionality*, fix a bug* or otherwise, get more credit too).
*I know because I've done exactly those.
So then: Did they state this somewhere? If not you are just speculating (at best and at worst assuming) and that is not helpful. There is not a person in the world who is more cynical (and who has never been proven wrong with respect to cynicism), than me, but even I will give them the benefit of the doubt until shown otherwise. Do not by any means take this the wrong way. I am not suggesting your claim to be true or false nor am I stating that I believe one way or the other will unfold. I am however suggesting that unless you have positive evidence for it, you're just assuming and that isn't going to help anyone (and neither will it change anything). Shortly there are always things that aren't visible or clear and that includes good and bad things. Time and again these types of things occur, speculation follows and then that speculation was shown to be incorrect all the while potentially causing upset/fear/whatever else. A perfect example is after an explosion at a Shell station: is it deliberate or was there a gas leak? It takes time to learn the full details. This recently (this = such an incident) happened in Rotterdam but you know, that isn't the first explosion in Rotterdam and as far as I remember for the two I'm referring to, they were both simply accidents. And looking at their (VB) site briefly, I see nothing of your suggestion (admittedly I'm tired and my glasses do need to be cleaned but since I'm off soon I haven't bothered).