funsec mailing list archives
RE: Consumer Reports Slammed for Creating 'Test' Viruses
From: <Toralv_Dirro () McAfee com>
Date: Sun, 20 Aug 2006 03:04:38 +0100
Exploit code doesn't self replicate...Yet it typically causes more damage than a trivial, off-the-mill virus created for research purposes in a controlled environment.
Some exploit code published actually certainly leads to a lot of damage caused by it's abuse. It does definitely more damage that some viruses, created for a test and wiped from the drives and the face of the earth afterwards, making sure no copy is left. BUT, an exploit code can be used to check if you're vulnerable or how well your defense against an attack using it works. It's got it's purpose and there is no feasible way to get those results without it. Viruses are just a generic kind of programs, written to modify other files to infect them or otherweise spreading. To verify how effective generic/heuristic detection of new viruses or new variants of old viruses in an AV product is, running a test with old signatures against malware that appeared later gives you the results you want - absolutely no need to create new ones for such a test. Also, if you do the later, creating new viruses, you run into a lot of problems. The most obvious: a) it invalidates your test results, as the way you chose to write them may favour some AV products, that simply are lucky their specific generic/heuristic detection is better suited to detect new malware created this way. b) it may invalidate your test results as you actually would have to prove that every single one created actually is a virus and works. To do that with 5.500 different viruses is certainly not easy..
There's nothing remarkably wrong with experimenting with somewhat dangerous technology, as long as the risk is moderate, and much of our common body of human knowledge can be attributed to such practices.
No. As long as you took the neccessary steps to eliminate the risk! cheers, Toralv ...speaking for himself, noone else. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Consumer Reports Slammed for Creating 'Test' Viruses, (continued)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Blue Boar (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Dude VanWinkle (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Blue Boar (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Valdis . Kletnieks (Aug 17)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses David Harley (Aug 17)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Blue Boar (Aug 19)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Blue Boar (Aug 19)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 21)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Dude VanWinkle (Aug 21)