Creating test viruses no longer taboo

Hi malware fighters,

The big three want to test their scanners against new live virus. They do not think evil of testers writing new malware to test against. Read here:
http://www.heise-security.co.uk/articles/77440

polonus

I think virus labs are well awere of new threats and they probably also synthesize them in-house. So i don’t see any need for external stuff.
It’s like developing anthrax on my backyard…

Cool hobby, RejZoR ;D ;D ;D

The big three want to test their scanners against new live virus.

I think possibly you have misread the story, Polonus, because it actually says:

Experts from McAfee, Sophos and Kaspersky are queuing up to heap ever greater condemnation on this supposed taboo-busting.

The author of the article does seem to support the creation of new viruses, but his view is not supported by many.

Indeed, over 100 security professionals have signed a letter against the practice, including this familar name: Pavel Baudis, ALWIL Software.

http://www.avien.org/publicletter.htm

The story is also commented upon here:

http://sunbeltblog.blogspot.com/2006/08/consumer-reports-testing-scandal-its_25.html

Although it’s not unheard of to modify Trojans to test how well an AV detects new variants, this has always been done as part of a test on real viruses:

We’ve also taken some common steps to disguise one of the Trojans. Again, using well known free software, we’ve done only what a knowledgeable attacker would do.
We’ve not written any original viruses; we’ve simply placed our test computers in the same situation as that faced by today’s regular computer user.

http://www.transceiver.co.uk/txt/av05.html#how_we_tested

Testing only on “fake” viruses can be criticised on many grounds- see the Sunbelt blog- and it’s not my idea of a good AV test.

Hi FwF,

Thanks for your analysis. Yes I also hold the view that in order to be a malware fighter you need not be a malware author.

polonus