funsec mailing list archives

Re: Consumer Reports Slammed for Creating 'Test' Viruses


From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 19 Aug 2006 15:59:40 -0700

Peter Kosinar wrote:
As Nick and I pointed out in our previous replies, it's -incredibly- easy to make the test meaningless from the technical point of view. Quick summary: Did they check each of those 5500 pieces of malware and actually verify that they work -and- that they perform their malicious activity?

I don't mean to defend the Consumer Reports methodology in particular, I don't know anything about what they did. Yes, I would tend to assume the worst, which would be something like they used some outdated toolkits to generate 5500 files, only some of which actually run.

Rather, I argue against the claim that writing new malware is never a valid test.

Actually, Ryan, assuming that by 80's-style file infector you mean an
infector for MS-DOS-running machines of those days -and- using the
techniques common in those days, I doubt it'll be undetected by all
the AVs. Yes, it is possible to write such a thing (and it is not all
that difficult) with current knowledge and ideas but if you really
adhered to the virus-writing principles used then, the result will be
quite likely to be detected.

If I essentially copied some code or cobbled together something out of examples from my copy of the Big Black Book of Computer Viruses, then yes. If I did my own study of the PE file format, etc., and wrote original code, I would be really impressed if it were flagged as a virus. Halting problem, and all that.

I don't particularly care to test my claim, though.

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
