[funsec] Consumer Reports Slammed for Creating 'Test' Viruses
drsollyp at drsolly.com
Sun Aug 20 09:29:25 CDT 2006
On Sat, 19 Aug 2006, Blue Boar wrote:
> Drsolly wrote:
> > But could you write 5,000 of them to use as a test set?
> 5000 isn't my number. Just 1 tells you something. If I feel that some
> large number is important, then I want to write a virus generator, don't I?
All the virus generators I've seen, write just one virus, and a bunch of
> > Would they work in a DOS box? Probably not - it isn't really DOS, it's
> > actually some sort of DOS emulation (it can't directly address the
> > hardware, it has to be filtered through Windows, I think).
> In that case, the simpler a virus, the better chance it has to run in
> the future. For example, if all it did were file infection, then it
> should likely run (modulo file permissions.)
> > But a virus (if it could actually run) would happily infect a
> > Windows EXE file. And then that Win EXE file wouldn't work, for reasons as
> > per above when you went back to Windows and you tried to run it.
> Yes, I saw some of that myself when I was doing IT. The win.com file
> would let you know when you were infected. :)
> > OK, specify another test strategy, I'll see if I can find the flaw.
> > Maybe you could, but a sample of one, isn't really good enough for product
> > testing. Now - if it takes you two weeks (a really conservative estimate)
> > to write a PE virus, how long would it take you to write 5,000?
> > Answer - 200 years. Not feasible.
> So how about those virus creation kits... make one that actually works?
> (I.e. I make one that works, not fight with the existing ones...) How
> about a polymorphic packer, which is actually closer to being a
> currently used technique?
That's almost like one virus.
> But still, just one tells you something about how the AV product works.
> How many does it take to infect you?
Anyone who thinks that a sample of one is enough for any sensible test,
is going to be all alone.