[funsec] Consumer Reports Slammed for Creating 'Test' Viruses

security curmudgeon jericho at attrition.org
Thu Aug 17 11:12:23 CDT 2006

On Thu, 17 Aug 2006, Blanchard_Michael at emc.com wrote:

: None of their new viruses got out AFAIK, but it happens under the most 
: controlled circumstances.  In my eyes there is never a need to create 
: new viruses for testing purposes...

If the goal of the test is to determine which scanner can detect 
previously 'unknown' or undocumented viruses, then there would be a need 
to create some.

If a testing lab can create 5500 unique viruses that fast and that easily, 
then I would imagine a lot of other people could, including the bad guys. 
While most (all?) of them would be variations on existing viruses, it 
would be nice to know that the AV scanners are smart enough to detect 
them. Without such a test, hard to know that. The obvious reply to this 
being "let the AV vendors do that, they are the experts!" Yes, the experts 
who won't standardize on naming and who's entire business model relies on 
them detecting the most the best. =)

More information about the funsec mailing list