[funsec] Consumer Reports Slammed for Creating 'Test' Viruses
BlueBoar at thievco.com
Sat Aug 19 19:09:19 CDT 2006
> But could you write 5,000 of them to use as a test set?
5000 isn't my number. Just 1 tells you something. If I feel that some
large number is important, then I want to write a virus generator, don't I?
> Would they work in a DOS box? Probably not - it isn't really DOS, it's
> actually some sort of DOS emulation (it can't directly address the
> hardware, it has to be filtered through Windows, I think).
In that case, the simpler a virus, the better chance it has to run in
the future. For example, if all it did were file infection, then it
should likely run (modulo file permissions.)
> But a virus (if it could actually run) would happily infect a
> Windows EXE file. And then that Win EXE file wouldn't work, for reasons as
> per above when you went back to Windows and you tried to run it.
Yes, I saw some of that myself when I was doing IT. The win.com file
would let you know when you were infected. :)
> OK, specify another test strategy, I'll see if I can find the flaw.
> Maybe you could, but a sample of one isn't really good enough for product
> testing. Now - if it takes you two weeks (a really conservative estimate)
> to write a PE virus, how long would it take you to write 5,000?
> Answer - 200 years. Not feasible.
So how about those virus creation kits... make one that actually works?
(I.e. I make one that works, not fight with the existing ones...) How
about a polymorphic packer, which is actually closer to being a
currently used technique?
But still, just one tells you something about how the AV product works.
How many does it take to infect you?