[funsec] Consumer Reports Slammed for Creating 'Test' Viruses

Drsolly drsollyp at drsolly.com
Mon Aug 21 14:26:21 CDT 2006

I don't think I made a comment about who was involved in the testing. What 
I did menti0n, was that it would be interesting to see their methodiology. 
In particular, how did the generate these 5,000 viruses, and how did they 
verify that they were, indeed, viruses.

I know one magazine that did an AV test using a large number of files, 
none of which turned out to be viruses. But that's an extreme case, of 

On Mon, 21 Aug 2006, Young, Keith wrote:

> Regarding DrSolly's comment about who was involved in the testing.
> From: 
> http://www.consumerreports.org/cro/electronics-computers/protection-soft
> ware-9-06/how-we-test-antivirus-software/0609_software_testing.htm
> "We tested a comprehensive selection of antivirus software for consumers
> in ways that accurately reflect real-world conditions, enlisting the
> help of consultants at Independent Security Evaluators (ISE), a
> computer-security consulting firm. (The president of ISE, Avi Rubin, is
> a former technical advisory board member of a company acquired by
> software vendor McAfee before ISE began its work for Consumer Reports.
> He continues to act as an advisor to that company and was not involved
> in our testing.)"
> [The company mentioned above that was acquired by McAfee is SiteAdvisor:
> http://www.siteadvisor.com/about/team.html ]
> Was that full disclosure statement always there? 
> Has anyone tried to contact Avi in order to get more details? Figuring
> that he has preached on full disclosure of electronic voting machines
> <http://www.avirubin.com/>, as president of ISE he may be swayed to give
> full disclosure regarding the methodology of this test...
> --Keith
> Keith Young, Security Official
> Department of Technology Services
> Montgomery County, Maryland
> phone - (240) 777-2955
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

More information about the funsec mailing list