funsec mailing list archives
Re: Consumer Reports Slammed for Creating 'Test' Viruses
From: Drsolly <drsollyp () drsolly com>
Date: Sun, 20 Aug 2006 00:10:47 +0100 (BST)
On Sat, 19 Aug 2006, Blue Boar wrote:
Drsolly wrote:
I've noticed a lot of bad feeling against the AV companies. People think they write the viruses,

*I* don't think that, generally speaking. (I seriously doubt that no one, ever, working for an AV company hasn't written or modified some malware. But generally, no, I don't believe they are creating the malware.) However, that is a HUGE reason why AV people are so paranoid about creating malware, because of 20 years of people waiting to pounce the moment there is a hint that they do.
Not so. We felt the same in 1990. I was there.
people think that AV products should be made so they don't need updates.

*I* don't think that. I think that AV relies almost entirely on signature updates. However, if there is going to be any claim for detection for unknown malware, then that claim is fair game for testing.
I agree, but the testing has to be more realistic than "create a bunch of variants".
I don't think I'm particularly worrying about the ethical question, I'm trying to find out why the test is not valid, strictly for determining functionality. I DO think that many people from the AV companies let the ethical question strongly impact their logical arguments. Here's where I left off, trying to find out why my virus would be different from anyone else's:

Drsolly wrote:
No, I'm saying that there's an Intelligent Designer behind the viruses, and your purpose isn't the purpose of the virus authors, and you would design different viruses from the ones they would design.

OK, I'm not sure what would be qualitatively different about me the virus author, versus the natural self-selected population of virus authors, but at least I understand your position better. For the record, I wasn't trying to hint that I could write some uber-polymorphic-super virus. I'm under the impression that I could write some 80's-style file infector, and as long as it's original, it wouldn't be detected.
That's where we left off, and I wasn't going to continue the thread, but since you've brought it up again, well, then I'll answer that.

You could do what you suggested, and write 5,000 new and original 80's style file infectors, show those to a dozen AV products, and discover that they detect just 1% of your new viruses.

The BIG BIG flaw in that test is that 80's style file infectors (which means viruses that work under Dos, of course, there were no PE infectors then) simply are not a threat today, because I doubt if you'll find one computer in a million that is still running Dos (or one in a thousand that even runs products in a Dos box, ever). And the same 80's Dos viruses won't work under Windows; if you want to see why, get a bunch of Dos file viruses, and try to run them under Windows.

So, your test would "expose" the AV products as useless against new viruses, and your test would be completely wrong, because you wrote the Wrong Sort of Viruses.

AV product testing is *difficult*. I'm not saying it's impossible, but newbies to the game pretty much invariably get it badly wrong. Like I said, I could tell you some very ugly stories ...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.