funsec mailing list archives

Re: Consumer Reports Slammed for Creating 'Test' Viruses


From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 19 Aug 2006 17:09:19 -0700

Drsolly wrote:
> But could you write 5,000 of them to use as a test set?

5000 isn't my number. Just 1 tells you something. If I feel that some large number is important, then I want to write a virus generator, don't I?

> Would they work in a DOS box? Probably not - it isn't really DOS, it's actually some sort of DOS emulation (it can't directly address the hardware, it has to be filtered through Windows, I think).

In that case, the simpler a virus, the better chance it has to run in the future. For example, if all it did were file infection, then it should likely run (modulo file permissions.)


> But a virus (if it could actually run) would happily infect a Windows EXE file. And then that Win EXE file wouldn't work, for reasons as per above, when you went back to Windows and tried to run it.

Yes, I saw some of that myself when I was doing IT. The win.com file would let you know when you were infected. :)

> OK, specify another test strategy, I'll see if I can find the flaw.
>
> Maybe you could, but a sample of one isn't really good enough for product testing. Now - if it takes you two weeks (a really conservative estimate) to write a PE virus, how long would it take you to write 5,000?
>
> Answer - 200 years. Not feasible.

So how about those virus creation kits... make one that actually works? (I.e. I make one that works, not fight with the existing ones...) How about a polymorphic packer, which is actually closer to being a currently used technique?

But still, just one tells you something about how the AV product works. How many does it take to infect you?

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

