RE: [funsec] Consumer Reports Slammed for Creating 'Test' Viruses

Larry Seltzer Larry at
Mon Aug 21 08:46:10 CDT 2006

>>In the past, when I was the victim of an appallingly poor product
test, I was able to examine the test set, to show the tester where
they'd gone wrong...
>>If you delete the test set, then such forensic examination, isn't
possible. If you don't delete the test set, then you have the problem of
long term secure storage (which is solvable, but isn't trivial).

Very fair point. If I were running such tests I'd archive several copies
of the tests and viruses and any ancillary files on CD-ROM and delete
all the live ones. I have a few such copies here from virus tests I've
done in the past.

>>Would CR be willing to subject their methodology to proper expert
examination?  Or are they 100% confident that there couldn't possibly be
any problems? 

If they don't then they have a credibility problem. Sometimes testing
outfits will cry "work product!" or something like that, and I suppose
you don't want to make such files generally available for download. But
if the vendor were to ask, under an appropriate non-disclosure, to
examine the files I don't think there's any fair reason to deny them.	

Larry Seltzer Security Center Editor
Contributing Editor, PC Magazine
larryseltzer at 

More information about the funsec mailing list