Penetration Testing mailing list archives
RE: virus product pentest
From: "Aleksander P. Czarnowski" <alekc () avet com pl>
Date: Sun, 12 Sep 2004 21:30:34 +0200
Hi, I don't see any point of testing a common AV package against malware from wildlist because such testing is already performed on monthly basis in several safe labs due to certification scheme like VirusBulletin 100% for example. Secondly you can not provide a safe environment during pen-testing your customer systems so you brake fundamental security rules. You could download some virus collection that is floating around internet but keep in mind that to call a code a virus or worm it must replicate. So before judging that particular object is infected you need to replicate the samples. This requires again a safe lab without any external connections to networks. This is just a tip of an iceberg in terms of problems and issues related with using real malware. I am fully against such testing. You should also consider legal issue of such actions and possibility of malware escape which in turn will bring more legal actions and consideration. The things you should at least check: 1. is there on-access scanner enable 2. is av system multilayered 3. what is the policy regarding removable media 4. how email is protected/scanned 5. how quarantines servers are setup and are they properly secured 6. how patch-management policy is implemented Please note that this list forms rather a checklist for an audit not pen-test. At the end: do not use real malware if you do not know how to handle it and/or you don't have safe environment. Best Regards, Aleksander Czarnowski AVET INS ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- virus product pentest 4secure (Sep 12)
- Re: virus product pentest buzz (Sep 13)
- RE: virus product pentest Aleksander P. Czarnowski (Sep 13)
- RE: virus product pentest Debasis Mohanty (Sep 13)
- RE: virus product pentest Omar Herrera (Sep 13)
- <Possible follow-ups>
- RE: virus product pentest Ferino Mardo (Sep 13)