* Posts by SecuLution

1 publicly visible post • joined 8 Dec 2016

Crims using anti-virus exclusion lists to send malware to where it can do most damage

SecuLution

Re: Massive AV fail

You mean like that?: http://tinyurl.com/Hahs-Whitelist

AV in general is outdated. Even the NSA points out that the only real protection is a whitelist of applications, preferably one based on Hash Values. As they're fingerprint-like, there is no way to imitate a Hash Value.

Even though a Hash Collision is possible (as a proof of concept), that doesn't make a hash-based Application Whitelist vulnerable.

Also see: https://en.wikipedia.org/wiki/Collision_attack

and

https://en.wikipedia.org/wiki/Preimage_attack

The Preimage Attack is what you want to go for when attacking a Hash Based Whitelist. If you have enough time, i.e. a few million years!

Best

SecuLution

Your friendly neighborhood Whitelister
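
The contrast between a path-based exclusion and the hash-based whitelist described in the post above, as an added example that is not part of the original post. SHA-256, the function names and the sample file are assumptions made for illustration; the post does not name a hash algorithm or product behaviour.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def allowed_by_path(path, excluded_dirs):
    """Path rule: trusts anything that resolves to a location under an excluded directory."""
    real = os.path.realpath(path)
    for directory in excluded_dirs:
        base = os.path.realpath(directory)
        if os.path.commonpath([real, base]) == base:
            return True
    return False


def allowed_by_hash(path, allowed_hashes):
    """Hash rule: trusts only content whose digest was enrolled beforehand."""
    return sha256_file(path) in allowed_hashes


def demo():
    """Enroll a constructed sample file, then change one byte at the same path."""
    with tempfile.TemporaryDirectory() as trusted_dir:
        target = os.path.join(trusted_dir, "tool.bin")
        with open(target, "wb") as fh:
            fh.write(b"constructed sample: original vendor build\n")
        allowed_hashes = {sha256_file(target)}  # enrollment step
        before = (allowed_by_path(target, [trusted_dir]),
                  allowed_by_hash(target, allowed_hashes))
        # Same name and location, different content (last letter changed).
        with open(target, "wb") as fh:
            fh.write(b"constructed sample: original vendor builD\n")
        after = (allowed_by_path(target, [trusted_dir]),
                 allowed_by_hash(target, allowed_hashes))
        return before, after


if __name__ == "__main__":
    print(demo())
```

The path rule keeps trusting the file after its content changes, while the hash rule rejects it until the new digest is enrolled.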