funsec mailing list archives

Re: Spam cube


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 27 Mar 2006 21:58:23 +0100 (BST)

On Mon, 27 Mar 2006, Predrag Ivanovic wrote:

On Mon, 20 Mar 2006 09:12:15 +1200
Nick FitzGerald wrote:

Predrag Ivanovic to Drsolly to ???:

percent of viruses discovered/removed? 

You would not believe how difficult this one is to measure.

IIRC, methodology used for one of the reviews was:
1. put as many malware on computer as you can

As Alan has already indicated, you make that sound so easy...

Well, I've seen quite a few users who managed to collect 2000+ viruses,
without even knowing, so it's not *that* hard :-)

It's very hard.

Are these 2000+ actually all viruses, or have they included stuff that
some program *said* was a virus? Are they all different, or do you have 
1999 copies of Wheelbarrow virus and one Owlmaster virus?

Just kidding, I understand that these "test-cases" (heh) are unusable for any
serious, competent test.

Indeed.

 
<snip excellent insight to AV testing>


Aside from having had a general to advanced technical interest in all 
AV product testing issues for a large part of the last ~15 years, I 
also worked in independent AV product testing for a couple of years and 
dealt with all these things on an almost daily basis.

I would like to thank you, Nick, Drsolly, and all others that replied in this
thread.
I honestly had no idea how complex this field is and how much work
and expertise it requires. Now, I think I understand a bit better, thanks.
Also, larting all those people that claim that there is "a conspiracy between
AV vendors and virus writers" seems completely justified now, nobody
in their right mind would put this amount of work willingly on themselves :-)

People used to ask me, "Do you write viruses, or pay virus authors to 
write them?" And I'd answer with a grin to demonstrate that I wasn't being 
entirely serious "Why would I pay them, they do it for free."

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

