funsec mailing list archives

RE: Consumer Reports Slammed for Creating 'Test' Viruses


From: <Toralv_Dirro () McAfee com>
Date: Sun, 20 Aug 2006 03:04:38 +0100


> Exploit code doesn't self replicate...
>
> Yet it typically causes more damage than a trivial,
> off-the-mill virus created for research purposes in a
> controlled environment.

Some exploit code published actually certainly leads to a lot of damage
caused by its abuse. It does definitely more damage than some viruses,
created for a test and wiped from the drives and the face of the earth
afterwards, making sure no copy is left.

BUT, an exploit code can be used to check if you're vulnerable or how
well your defense against an attack using it works. It's got its
purpose and there is no feasible way to get those results without it.

Viruses are just a generic kind of programs, written to modify other
files to infect them or otherwise spreading. To verify how effective
generic/heuristic detection of new viruses or new variants of old
viruses in an AV product is, running a test with old signatures against
malware that appeared later gives you the results you want - absolutely
no need to create new ones for such a test.

Also, if you do the latter, creating new viruses, you run into a lot of
problems. The most obvious:

a) it invalidates your test results, as the way you chose to write them
may favour some AV products that simply are lucky that their specific
generic/heuristic detection is better suited to detect new malware
created this way.

b) it may invalidate your test results as you actually would have to
prove that every single one created actually is a virus and works. To do
that with 5.500 different viruses is certainly not easy...


> There's nothing remarkably wrong with experimenting with
> somewhat dangerous technology, as long as the risk is
> moderate, and much of our common body of human knowledge can
> be attributed to such practices.

No. As long as you took the necessary steps to eliminate the risk!


cheers,
Toralv

...speaking for himself, no one else.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
