Re: Consumer Reports Slammed for Creating 'Test' Viruses

[Blue Boar <BlueBoar () thievco com>]

Drsolly wrote:
> I've noticed a lot of bad feeling against the AV companies. People think 
> they write the viruses,

*I* don't think that, generally speaking.  (I seriously doubt that no 
one, ever, working for an AV company hasn't written or modified some 
malware.  But generally, no, I don't believe they are creating the malware.)

However, that is a HUGE reason why AV people are so paranoid about 
creating malware, because of 20 years of people waiting to pounce the 
moment there is a hint that they do.

> people think that AV products should be made so they don't need updates. 

*I* don't think that.  I think that AV relies almost entirely on 
signature updates.  However, if there is going to be any claim for 
detection for unknown malware, then that claim is fair game for testing.

> A lot of the comments are "The AV companies don't like to see third party 
> testing, and that's why they're against this test."

I can see where some people would think that, but I don't find it to be 
a particularly strong argument.

> There's a lot of confusion about why this test isn't a good thing - too 
> many people are focusing on the ethical issue (I think that's a major red 
> herring, it's not too difficult to ensure the test files get destroyed) 
> and not enough are focussing on the issue of whether this is actually a 
> useful test.

I don't think I'm particularly worrying about the ethical question, I'm 
trying to find out why the test is not valid, strictly for determining 
functionality.

I DO think that many people from the AV companies let the ethical 
question strongly impact their logical arguments.

Here's where I left off, trying to find out why my virus would be 
different from anyone else's:

> > Drsolly wrote:
> > > No, I'm saying that there's an Intelligent Designer behind the 
> > > viruses, and your purpose isn't the purpose of the virus authors, and 
> > > you would design different viruses from the ones they would design.
> > OK, I'm not sure what would be qualitatively different about me the
> > virus author, versus the natural self-selected population of virus
> > authors, but at least I understand your position better.  For the
> > record, I wasn't trying to hint that I could write some
> > uber-polymorphic-super virus.  I'm under the impression that I could
> > write some 80's-style file infecter, and as long as it's original, it
> > wouldn't be detected.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.