[funsec] Consumer Reports Slammed for Creating 'Test' Viruses

Blue Boar BlueBoar at thievco.com
Sat Aug 19 19:09:19 CDT 2006


Drsolly wrote:
> But could you write 5,000 of them to use as a test set?

5000 isn't my number.  Just 1 tells you something.  If I feel that some 
large number is important, then I want to write a virus generator, don't I?

> Would they work in a DOS box? Probably not - it isn't really DOS, it's 
> actually some sort of DOS emulation (it can't directly address the 
> hardware, it has to be filtered through Windows, I think).

In that case, the simpler a virus, the better chance it has to run in 
the future.  For example, if all it did were file infection, then it 
should likely run (modulo file permissions.)

> 
> But a virus (if it could actually run) would happily infect a 
> Windows EXE file. And then that Win EXE file wouldn't work, for reasons as 
> per above when you went back to Windows and you tried to run it.

Yes, I saw some of that myself when I was doing IT.  The win.com file 
would let you know when you were infected. :)

> OK, specify another test strategy, I'll see if I can find the flaw.
>
> Maybe you could, but a sample of one, isn't really good enough for product 
> testing. Now - if it takes you two weeks (a really conservative estimate) 
> to write a PE virus, how long would it take you to write 5,000?
> 
> Answer - 200 years. Not feasible.

So how about those virus creation kits... make one that actually works? 
(I.e. I make one that works, not fight with the existing ones...) How 
about a polymorphic packer, which is actually closer to being a 
currently used technique?

But still, just one tells you something about how the AV product works. 
How many does it take to infect you?

					BB

