funsec mailing list archives

RE: Consumer Reports Slammed for Creating 'Test' Viruses


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 21 Aug 2006 15:11:57 +0100 (BST)

On Mon, 21 Aug 2006, Larry Seltzer wrote:

In the past, when I was the victim of an appallingly poor product
test, I was able to examine the test set, to show the tester where
they'd gone wrong...
If you delete the test set, then such forensic examination isn't
possible. If you don't delete the test set, then you have the problem of
long-term secure storage (which is solvable, but isn't trivial).

Very fair point. If I were running such tests I'd archive several copies
of the tests and viruses and any ancillary files on CD-ROM and delete
all the live ones. I have a few such copies here from virus tests I've
done in the past.

Would CR be willing to subject their methodology to proper expert
examination?  Or are they 100% confident that there couldn't possibly be
any problems? 

If they don't then they have a credibility problem. Sometimes testing
outfits will cry "work product!" or something like that, and I suppose
you don't want to make such files generally available for download. But
if the vendor were to ask, under an appropriate non-disclosure, to
examine the files I don't think there's any fair reason to deny them. 
 
OK. How about you ask for them, and find someone clueful to examine them.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

