TIP: Click on subject to list as thread! ANSI
echo: alt-comp-anti-virus
to: ALL
from: JAX
date: 2014-12-15 10:49:00
subject: Re: ~BD~, Ask Dustin Cook

FromTheRafters  wrote in
news:m6n2qt$dtp$1@news2.open-news-network.org: 

> Jax wrote :
>> FromTheRafters  wrote in
>> news:m6mmoa$602$1@news2.open-news-network.org: 
>>
>>> ~BD~ formulated on Monday :
>>>> On 15/12/2014 11:13, p-0''0-h the cat (ES) wrote:
>>>>> On Mon, 15 Dec 2014 05:57:14 -0500, FromTheRafters
>>>>>  wrote:
>>>>> 
>>>>>> After serious thinking p-0''0-h the cat (ES) wrote :
>>>>>>> On Mon, 15 Dec 2014 05:36:58 -0500, FromTheRafters
>>>>>>>  wrote:
>>>>>>> 
>>>>>>>> I don't care why you posted the scoring info, and even less
>>>>>>>> about how Jax *still* thinks something was wrong with
>>>>>>>> exevalid after all of the explanations we have provided.
>>>>>>>> Jax and Crybaby don't seem to be at all concerned about
>>>>>>>> providing truthful posts. 
>>>>>>> 
>>>>>>> That really is funny. Exevalid had a major mathematical flaw
>>>>>>> in the 'coding'. It's a heap of ####. No amount of
>>>>>>> 'explanations' will ever change that. 
>>>>>> 
>>>>>> I stand corrected. Jax, Crybaby, and Pooh.
>>>>> 
>>>>> Pooh doesn't need to lie.
>>>> 
>>>> It appears that Rafters has a sense of humour failure this
>>>> morning. :-( 
>>>> 
>>>> Perhaps he got out of the wrong side of the bed; for him, it is
>>>> VERY early to be posting! He'll be "good to go" after another
>>>> mug of coffee! 
>>> 
>>> Still no coffee, but my comment was about the fact that exevalid
>>> had no flaw in the way it performed on the set of data for which
>>> it was designed. The comment by Ant was not to be taken as "I
>>> appreciate (am glad about) the fact that you didn't attempt to
>>> use it on modern PE executables" it was more of an "I appreciate
>>> (understand) that it wasn't designed for modern executables".
>>> Not a negative comment at all, as some people like to make it
>>> seem. 
>>> 
>>> I have no idea at this point whether Dustin misunderstood the 
>>> capabilities of the program when working on modern PEs (the
>>> header filesize information being bogus) or not, and I don't
>>> care, it still stands that the program was not flawed. It does
>>> indeed *appear* to be incongruous to take the absolute value of
>>> a natural number, but in this case it was correct.
>>> 
>>> My humor is fine, you just have to be sharp enough to 'get' it.
>>
>> Rafty that's a very lovely way of saying that Exevalid only works
>> on a small subset of the data it might reasonably expect to be 
>> presented with. 
> 
> It is not an AI program, it doesn't expect anything.
> 
>> You wrote.... Exevalid "performed on the set of data for which it
>> was designed". 
>>
>> Unfortunately Exevalid's design does not properly handle all the 
>> data it might get when run as an EXE validity checker. Especially
>> file sizes. Think about it! 
> 
> You don't know what file sizes it was designed to accept, or that
> it was designed for checking for all possible reasons a file might
> be considered invalid.
> 
> If it was designed to weed out smallish submitted suspected
> malware DOS MZ exe files which had been accidentally truncated,
> from a set of other smallish submitted files and to weed out any
> files not having the "MZ" header then why not write the program
> the way Dustin did? You would be left with the not-truncated
> smallish MZ purported executables wouldn't you?

Rafty so I guess Exevalid works brilliantly on the test data..... 
but fails on any data from the real world. That's not what I call a  
very useful. Just saying!    :)

-- 
Jax        
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.