funsec mailing list archives

Re: Consumer Reports Slammed for Creating 'Test' Viruses


From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 19 Aug 2006 16:37:16 -0700

Drsolly wrote:
> Not so. We felt the same in 1990. I was there.

So you were 10 years ahead. ;)

> You could do what you suggested, and write 5,000 new and original 80's
> style file infectors, show those to a dozen AV products, and discover that
> they detect just 1% of your new viruses.

That would be about the result I expect.


> The BIG BIG flaw in that test, is that 80's style file infectors (which
> means viruses that work under Dos, of course, there were no PE infectors
> then) simply are not a threat today, because I doubt if you'll find one
> computer in a million that is still running Dos (or one in a thousand that
> even runs products in a Dos box, ever). And the same 80's Dos viruses
> won't work under Windows; if you want to see why, get a bunch of Dos file
> viruses, and try to run them under Windows.

Very good, you've pointed out the fatal flaw in my strawman quip, rather than addressing the point. Which is, one could write a simple, viable Windows file-infector virus, and my expectation is that current AV products will not do well at detecting it. The point being that AV products do not do well at detecting new malware for which no signature has been developed.

By "80's style", I meant some sort of simple file infector that relies on quaint human behavior to help it, like people copying the infected files onto a floppy, and giving them to friends.

As a side topic, I am curious as to why DOS viruses wouldn't work well. I run a number of DOS programs under Windows, from time to time. Do you mean the typical interrupt-hooking behavior? File protection?


> So, your test would "expose" the AV products as useless against new viruses, and your test would be completely wrong, because you wrote the Wrong Sort of Viruses.

And how would they fare when I wrote the right kind?


> AV product testing is *difficult*. I'm not saying it's impossible, but newbies to the game pretty much invariably get it badly wrong. Like I said, I could tell you some very ugly stories ...

I don't disagree that it could be easy to get it wrong, but I kinda feel like I could actually write a working virus, and point a virus scanner at it.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.