funsec mailing list archives

Re: Consumer Reports Slammed for Creating 'Test' Viruses


From: Drsolly <drsollyp () drsolly com>
Date: Thu, 17 Aug 2006 21:20:16 +0100 (BST)

On Thu, 17 Aug 2006, Blue Boar wrote:

> Blanchard_Michael () emc com wrote:
> > Certainly is my opinion, I can't give anyone else's ;-)

> I say that because you assert it like it's a provable fact.

> > When is it appropriate to write a new virus that the rest of us get stuck cleaning up?

> For one, I agree with Jericho (apologies if I'm putting words in his
> mouth) that generating a new virus is probably the best way to test a
> virus scanner that is expected to detect new viruses.

No, it's one of the worst ways, about on a par with throwing dice.

> I'm pretty sure I
> already know what the answer would be before I even tried, but if I were
> trying to test it, that would be how I would want to do it.

> If I were trying to see how quickly AV companies could write a signature
> for a new virus, there's one obvious way to do that.
 
No, there isn't, actually. Because how long it takes to "write a 
signature" depends very much on chance. You can write a new virus that is 
already covered by an existing signature, or you could write an intensely 
polymorphic virus that some companies could handle quite quickly because 
they have one sort of engine (while others couldn't), or vice versa.

> But the big thing that all this loses sight of, is that virus writing
> isn't a stochastic process, or even evolutionary. In this case,
> Intelligent Design is the appropriate theory. A new virus is designed by
> someone, and if they want to make it beat the heuristics of any one (or
> several) AV products, then they will.

I agree - the only test method that comes anywhere near being able to 
work, is to run a three-month-old product against the current crop of 
viruses (and even that isn't as easy as it sounds).

AV product testing is extremely difficult; the first difficulty, is getting
people to understand what the problems are, when what they actually want
to do is something that takes an hour, and they don't really care what.

The testing of {AV product testing}, tends to be easier, because there
are so many appallingly bad AV product tests.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
