funsec mailing list archives
Re: Consumer Reports Slammed for Creating 'Test' Viruses
From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 19 Aug 2006 17:09:19 -0700
Drsolly wrote:
But could you write 5,000 of them to use as a test set?
5000 isn't my number. Just 1 tells you something. If I feel that some large number is important, then I want to write a virus generator, don't I?
Would they work in a DOS box? Probably not - it isn't really DOS, it's actually some sort of DOS emulation (it can't directly address the hardware, it has to be filtered through Windows, I think).
In that case, the simpler a virus, the better chance it has to run in the future. For example, if all it did were file infection, then it should likely run (modulo file permissions.)
But a virus (if it could actually run) would happily infect a Windows EXE file. And then that Win EXE file wouldn't work, for reasons as per above when you went back to Windows and tried to run it.
Yes, I saw some of that myself when I was doing IT. The win.com file would let you know when you were infected. :)
OK, specify another test strategy, I'll see if I can find the flaw.
Maybe you could, but a sample of one, isn't really good enough for product testing. Now - if it takes you two weeks (a really conservative estimate) to write a PE virus, how long would it take you to write 5,000? Answer - 200 years. Not feasible.
So how about those virus creation kits... make one that actually works? (I.e. I make one that works, not fight with the existing ones...) How about a polymorphic packer, which is actually closer to being a currently used technique?
But still, just one tells you something about how the AV product works. How many does it take to infect you?
BB