.

Consumer Reports creating viruses?

<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Aug 21, 2006 12:07 pm

Consumer Reports creating viruses?

Where do you stand on this issue? I really like the way CR did their testing and I think it benefits end users in the long run by showing how well/poor a given AV software performs. As long as they can keep the code private, which is questionable. It would also be a good idea to submit the code to any of the AV vendors that  didn't detect it, so they can update their detection libraries.


Consumer Reports creating viruses?
Posted: Thursday, August 17 at 08:42 pm CT by Bob Sullivan

Consumer Reports recently conducted one of the most thorough tests ever of antivirus programs. But to really put these security programs through the paces, the magazine hired a firm to create 5,500 new viruses, using them to test the antivirus software products for their ability to detect unexpected threats.

Now antivirus companies are crying foul, saying the magazine ignored a long-standing principle not to invent new viruses.

"Creating new viruses for the purpose of testing and education is generally not considered a good idea,” wrote Igor Muttik of McAfee's antivirus lab on a public company blog this week. “Viruses can leak and cause real trouble." The entry helped touch off a firestorm.

....
http://redtape.msnbc.com/2006/08/consumer_report.html#posts
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Aug 21, 2006 1:45 pm

Re: Consumer Reports creating viruses?

True on both ends. It's not good practice to create new viruses, but we live in an age where we need to perform real world tests of our systems. How else can you perform a truly unexpected test?

On the other hand, was there really a need for 5500 new viruses? That seems a little excessive to me.

In the end, maybe both sides needs to bend. AV companies need to encourage these types of tests. It can only make their heuristics better. We all know CR likes to be thorough, but it doesn't need to go quite that far to perform a valid test.

My $.02,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

jimbob

Post Tue Aug 22, 2006 5:11 am

Re: Consumer Reports creating viruses?

I'm going to assume the 5,500 number is hyperbole, and that most of the viruses were variants of one another. If you create a new virus it will initally defeat signature based virus checkers, that's the nature of the beast.

I'm not a big fan of the heuristic approach to antivirus because I've yet to see it work effectively. Defensive software that limits the functionality of unknown executables I believe is much more effective but is inherently limited in that it alters the fabric of the operating environment.

I'd sooner see more lab research than waiting for the bad guy to raise their game.
<<

Kev

Post Tue Aug 22, 2006 9:10 am

Re: Consumer Reports creating viruses?

    I like the way consumer reports conducted their test. My feeling is the anti-virus companies are trying to create a smoke screen about the results by crying foul about a technicality.

    Why should the results of that lab test be questioned simply because they created a group of new viruses?  True, if those viruses leak out they can cause problems, but how does that invalidate the test? 

    Its sort of like car crash test being done with live people and the car manufactures getting on their high horse about  how it endangered lives and how irresponsible the test was, mean while skewing the actually test results that revealed how poor some of the cars performed. 

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software