funsec mailing list archives
Re: Spam cube
From: Drsolly <drsollyp () drsolly com>
Date: Mon, 27 Mar 2006 21:58:23 +0100 (BST)
On Mon, 27 Mar 2006, Predrag Ivanovic wrote:
On Mon, 20 Mar 2006 09:12:15 +1200 Nick FitzGerald wrote:Predrag Ivanovic to Drsolly to ???:percent of viruses discovered/removed?You would not believe how difficult this one is to measure.IIRC,methodology used for one of the reviews was: 1.put as many malware on computer as you canAs Alan has already indicated, you make that sound so easy...Well,I've seen quite a few users who managed to collect 2000+ viruses, without even knowing,so it's not *that* hard :-)
It's very hard. Are these 2000+ actually all virueses, or have they included stuff that some program *said* was a virus? Are they all different, or do you have 1999 copies of Wheelbarrow virus and one Owlmaster virus?
Just kidding,I understand that these "test-cases"(heh) are unusable for any serious,competent test.
Indeed.
<snip excellent insight to AV testing>Aside from having had a general to advanced technical interest in all AV product testing issues for a large part of the last ~15 years, I also worked in independent AV product testing for a couple of years and dealt with all these things on an almost daily basis.I would like to thank you,Nick,Drsolly,and all others that replied in this thread. I honestly had no idea how complex this field is and how much work and expertise it requires.Now,I think I understand a bit better,thanks. Also,larting all those people that claim that there is " a conspiracy between AV vendors and virus writers" seems completely justified now,nobody in their right mind would put this amount of work willingly on themselves :-)
People used to ask me, "Do you write viruses, or pay virus authors to write them?" And I'd answer with a grin to demonstrate that I wasn't being entirely serious "Why would I pay them, they do it for free." _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Spam cube, (continued)
- Re: Spam cube Drsolly (Mar 20)
- Re: Spam cube Stephen J. Smoogen (Mar 20)
- Re: Spam cube Valdis . Kletnieks (Mar 19)
- Re: Spam cube Drsolly (Mar 20)
- Re: Spam cube Valdis . Kletnieks (Mar 20)
- Re: Spam cube Drsolly (Mar 20)
- Re: Spam cube Nick FitzGerald (Mar 19)
- Re: Spam cube Drsolly (Mar 19)
- Re: Spam cube Nick FitzGerald (Mar 19)
- Re: Spam cube Predrag Ivanovic (Mar 27)
- Re: Spam cube Drsolly (Mar 27)
- Re: Spam cube Predrag Ivanovic (Mar 19)