[funsec] Consumer Reports Slammed for Creating 'Test' Viruses
drsollyp at drsolly.com
Thu Aug 17 17:00:18 CDT 2006
On Thu, 17 Aug 2006, Dude VanWinkle wrote:
> On 8/17/06, Blue Boar <BlueBoar at thievco.com> wrote:
> > OK, so if I write a virus today and test today's signature files... it's
> > not a valid test. However, if I save today's signature files, let
> > *other people* volunteer to write a bunch of viruses, and then test
> > those, it is.
> Kinda. It depends on what you are testing: whether your AV will put
> the kibosh on malicious code or whether it will detect Viruses that
> are "in the wild".
> You may be a better coder than most virus writers. You could be
> innovative where some viri authors are just using a util to disguise
> their code. The only way to check to see if your AV will detect what
> is out there, is by using what is out there.
> Of course if you are testing signature turn around, then you have to
> write your own IMO.
I just explained why that doesn't work either. Also, if an AV company
achieves a signature turnaround of one minute, at the expense of QC and
false positive testing, then you'd probably rate them as "Very good",
whereas the thousands of people plagued by the false alarm would rate them
It is really hard to test AV products. I really would refer you to me
"Perfect Antivirus", which is guaranteed, if used correctly, to detect
all viruses past, present and future 100%, and give zero false alarms. It
is also free.
Here's how you use it. You devise a product test, including a test
protocol and a scoring system. I give you PAV to test. If you wind up
saying that PAV is a good product, your test just failed the test.
More information about the funsec