funsec mailing list archives
RE: Consumer Reports Slammed for Creating 'Test' Viruses
From: <Toralv_Dirro () McAfee com>
Date: Sun, 20 Aug 2006 03:03:30 +0100
Drsolly wrote:
No, it's one of the worst ways, about on a par with throwing dice.
If I were to write a new virus, I'm pretty confident that I could accurately predict the results of throwing it at 30 virus scanners.
Especially after running all 30 scanners against it and tuning your virus so long until no scanner detects it. People actually do this, luckily not everyone.
For the occasional claim that some AV package can detect new unknown viruses, or that some heuristic package can do so, creating a new virus in lab conditions is certainly a valid test. It's a crap shoot because that's how (in)effective AV is at spotting new things, not because the test is invalid.
Some AV products do a fairly good job detecting new viruses or new variants. Creating a new one to test this may appear as a valid way to test this, but transferring the results of this test to the general case in the real world is not easy. Read my other post how this invalidates the test compared to a test with old signatures and new malware that actually appeared in the world where the results are actually relevant.
I agree - the only test method that comes anywhere near being able to work, is to run a three-month-old product against the current crop of viruses (and even that isn't as easy as it sounds).
OK, so if I write a virus today and test today's signature files... it's not a valid test. However, if I save today's signature files, let *other people* volunteer to write a bunch of viruses, and then test those, it is.
Yes :)
You're not arguing against the validity of the test method, you're saying that you don't want additional viruses being created, because you don't like it.
I do argue against the validity of the test method. You writing a virus to test just shows how effective AV is against this new virus and the particular way you build it. I'm also saying I absolutely don't like new viruses to be created.
cheers,
Toralv
...speaking for myself, no one else.