RE: Kaspersky strikes again

["Alex Eckelberry" <AlexE () sunbelt-software com>]

Virtual PCs are not necessarily all that useful for testing malware.
And one of your bigger challenges is in creating an adequate whitelist
to test against FPs.  You're talking at least 20 terrabytes of whitelist
data -- think of all the different versions of Office, all the drivers,
etc.  It's not a small undertaking. 

Alex


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Larry Seltzer
Sent: Sunday, December 23, 2007 7:22 AM
To: Thomas Raef; funsec () linuxbox org
Subject: RE: [funsec] Kaspersky strikes again

> > > How tough is it for a large company to have 50 or so "clean"
> > > workstations, packed with applications

> Especially virtual PCs? I would think that would be their test
platform of choice. 

I've been involved setting up in a lot of testing labs and this is the
dream scenario. It does ignore certain compatibility issues, in that
you're not testing real PCs, but the potential number of those is
infinite.

I think Andreas Marx at AV-Test has a virtual PC test lab. It's the only
way he could test the massive number of variants and products he does.
I'm sure it's like knocking down a zillion dominoes, all the work is in
setting up the test.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.