Re: Consumer Reports Slammed for Creating 'Test' Viruses

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 8/17/06, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:
> On Thu, 17 Aug 2006 12:06:25 EDT, Blanchard_Michael () emc com said:
> >
> > None of their new viruses got out AFAIK, but it happens under the most
> > controlled circumstances.  In my eyes there is never a need to create new
> > viruses for testing purposes...
>
> So you're an A/V package author/developer.  How do you test your software's
> ability to deal with variant versions of stuff before you put out a pattern
> for it?

Testing heuristics is different than the signitures. It should be as
simple as running a scan on malware without the help of virus
signitures. Right?

You arent going to be releasing new heuristics with anywhere the
frequency of your virus signiture updates.

BTW, JIC you missed this method:
(from fergs link to the sunbelt blog)
There is a more scientific way of measuring real proactive detection
of AV products on future malware - it is called "proactive testing" or
"retrospective testing". The idea is to measure, say, 3-month old AV
product against real field viruses that appeared within these last 3
months. The discussion of the methodology of such tests can be found
here and some real test results with common AV products are on the
AV-comparatives.org site.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.