Saturday, February 05, 2005

ViGuard Not Close Enough For Virus Work

The article is of interest on two different fronts: (1) It discusses the product's alleged capabilities and how well or poorly they are achieved, and (2) it highlights the plight of the security researcher who analyzed the program and publicized its failings, including showing some exploit code to illustrate his point(s). Now, he's been indicted and is facing trial.

The question is this: Did he "cross the line" by including/disclosing the exploit code? If he hadn't furnished his "proof", would they still have indicted him? What do you think??

Here's the link to the full article, and a small snippet of it:

ViGuard Not Close Enough For Virus Work:

The holy grail of malware detection is the generic threat detector, unburdened by the need for updates to account for every new variation of every virus that comes out every day. Such a product could just know a threat when it sees it based on the behavioral characteristics of the program.

These are the claims made by French software company Tegam International for ViGuard, a product that was in the news recently. Back in 2001 a security researcher analyzed the program and wrote that it did not measure up to the company's claims, and as part of the process wrote some exploit code to demonstrate the flaws. For his trouble he was indicted by a French court and is standing trial.
