Re: Consumer Reports Slammed for Creating 'Test' Viruses

[Drsolly <drsollyp () drsolly com>]

On Sat, 19 Aug 2006, Blue Boar wrote:

> Peter Kosinar wrote:
> > As Nick and I pointed out in our previous replies, it's -incredibly- 
> > easy to make the test meaningless from the technical point of view. 
> > Quick summary: Did they check each of those 5500 pieces of malware and 
> > actually verified that they work -and- that they perform their malicious 
> > activity?
>
> I don't mean to defend the Consumer Reports methodology in particular, I 

What? You mean, they didn't publish their methodology? Then how can we 
possibly know if it's any good?

> don't know anything about what they did.  Yes, I would tend to assume 
> the worst, which would be something like they used some outdated 
> toolkits to generate 5500 files, only some of which actually run.
>
> Rather, I argue against the claim that writing new malware is never a 
> valid test.

I suggest you specify a design that you think would work - then I can tell 
you why it won't. Note - writing 5,000 80's style viruses won't work, as 
explained in a previous email.

> > Actually, Ryan, assuming that by 80's-style file infector you mean an
> > infector for MS-DOS-running machines of those days -and- using the
> > techniques common in those days, I doubt it'll be undetected by all
> > the AVs. Yes, it is possible to write such a thing (and it is not all
> > that difficult) with current knowledge and ideas but if you really
> > adhered to the virus-writing principles used then, the result will be
> > quite likely to be detected.
>
> If I essentially copied some code or cobbled together something out 
> examples of my copy of the Big Black Book of Computer Viruses, then yes. 
>   If i did my own study of the PE file format, etc..

There were no PE viruses in the 1980s.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.