funsec mailing list archives
RE: Consumer Reports Slammed for Creating 'Test' Viruses
From: Larry Seltzer <Larry () larryseltzer com>
Date: Mon, 21 Aug 2006 09:46:10 -0400
In the past, when I was the victim of an appallingly poor product
test, I was able to examine the test set, to show the tester where they'd gone wrong...
If you delete the test set, then such forensic examination, isn't
possible. If you don't delete the test set, then you have the problem of long term secure storage (which is solvable, but isn't trivial). Very fair point. If I were running such tests I'd archive several copies of the tests and viruses and any ancillary files on CD-ROM and delete all the live ones. I have a few such copies here from virus tests I've done in the past.
Would CR be willing to subject their methodology to proper expert
examination? Or are they 100% confident that there couldn't possibly be any problems? If they don't then they have a credibility problem. Sometimes testing outfits will cry "work product!" or something like that, and I suppose you don't want to make such files generally available for download. But if the vendor were to ask, under an appropriate non-disclosure, to examine the files I don't think there's any fair reason to deny them. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Consumer Reports Slammed for Creating 'Test' Viruses, (continued)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses David Harley (Aug 20)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Dude VanWinkle (Aug 20)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses David Harley (Aug 20)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Dude VanWinkle (Aug 20)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Peter Kosinar (Aug 20)
- Re: Consumer Reports Slammed for Creating 'Test' Viruses Dude VanWinkle (Aug 20)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Drsolly (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Peter Kosinar (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Rob, grandpa of Ryan, Trevor, Devon & Hannah (Aug 21)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses David Harley (Aug 23)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 23)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses David Harley (Aug 23)
- RE: Consumer Reports Slammed for Creating 'Test' Viruses Larry Seltzer (Aug 23)
- IBM TO ACQUIRE INTERNET SECURITY SYSTEMS Larry Seltzer (Aug 23)