funsec mailing list archives
Re: Consumer Reports Slammed for Creating 'Test' Viruses
From: Drsolly <drsollyp () drsolly com>
Date: Sun, 20 Aug 2006 15:29:25 +0100 (BST)
On Sat, 19 Aug 2006, Blue Boar wrote:
> Drsolly wrote:
> But could you write 5,000 of them to use as a test set?
>
> 5000 isn't my number. Just 1 tells you something. If I feel that some large number is important, then I want to write a virus generator, don't I?
All the virus generators I've seen, write just one virus, and a bunch of variants.
> Would they work in a Dos box? Probably not - it isn't really DOS, it's actually some sort of Dos emulation (it can't directly address the hardware, it has to be filtered through Windows, I think).
>
> In that case, the simpler a virus, the better chance it has to run in the future. For example, if all it did were file infection, then it should likely run (modulo file permissions.)
See below.
> But a virus (if it could actually run) would happily infect a Windows EXE file. And then that Win EXE file wouldn't work, for reasons as per above when you went back to Windows and you tried to run it.
>
> Yes, I saw some of that myself when I was doing IT. The win.com file would let you know when you were infected. :)
>
> OK, specify another test strategy, I'll see if I can find the flaw.
>
> Maybe you could, but a sample of one, isn't really good enough for product testing. Now - if it takes you two weeks (a really conservative estimate) to write a PE virus, how long would it take you to write 5,000? Answer - 200 years. Not feasible.
>
> So how about those virus creation kits... make one that actually works? (I.e. I make one that works, not fight with the existing ones...) How about a polymorphic packer, which is actually closer to being a currently used technique?
That's almost like one virus.
> But still, just one tells you something about how the AV product works. How many does it take to infect you?
Anyone who thinks that a sample of one is enough for any sensible test, is going to be all alone.