

Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL


1 edit
reply to SpannerITWks
Re: Our unique antivirus testing: How we did it

I think what they mean is that CU's constructing new variants from 6 categories of known viruses only shows how various AVs will respond to new, unknown virus variants constructed using the same techniques employed by CU. Those techniques were intended by CU to create large numbers of virus variants based on existing virus structures and ideas... they were not created to exploit new-found security holes nor were they created using novel virus-structure techniques. While CU's variants may be "new", they are not necessarily representative of what many actual virus writers will do in creating their malware in the real world. Until now. Now there are 5,500 'new' viruses on CU's lab computers and some (likely) documented recipes in CU's files of how each was created from existing virus categories - all for the script kiddies and other baddies to sniff out as only they can. And we can all hope and pray that CU's internal data/info security is better than was their reasoning in following such a path in the first place.

Thoroughly understanding viruses and how they are written does not equate to actually writing them. Writing them may or may not make one more expert in combating them. One certainly does not need to commit murder (nor many other things in life and the technical world) to understand how it is done and to combat it.

edit: phrasing in middle of para 1
--
If God wanted us to work with electrons, He'd make them big enough to see...


SpannerITWks
Premium
join:2005-04-22

Blackbird SR

Sure, I get your murder analogy. Thanx!

But people might be interested in looking @ this thread - »forum.sysinternals.com/forum_pos···003&PN=1 - to see just how cat + mouse actually works in REAL life.

Yes real life, because in there are Real Rootkit coders with Real RK's that are out there right now being used to hide nasties and being used by 3rd parties for crime. Also in there are various well known RK detector guys n girls combatting those and other RK's.

You will see how being able to write RK's and disassemble them etc, and write detectors enables both sides to have a greater understanding of each other's tactics etc. Thereby enabling them to design better RK's + detectors.

So I do believe it's definitely worthwhile to have as much inside knowledge as possible about how the other side Really works, because that IS what they do, every day!

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks


AB
Premium
join:2006-04-04
Leesburg, VA

said by SpannerITWks:

. . . You will see how being able to write RK's and disassemble them etc, and write detectors enables both sides to have a greater understanding of each other's tactics etc. Thereby enabling them to design better RK's + detectors.

So I do believe it's definitely worthwhile to have as much inside knowledge as possible about how the other side Really works, because that IS what they do, every day!

Sure, knowing how the other half lives, what they do, is good and will help people better understand how to fight the malware more effectively. But ya gotta write 5500 NEW variants to do that? I don't think so!
This is a disaster waiting to happen. Let's hope it won't.
And the first variant found in the wild that can be directly linked back to this research, I hope to see one massive class-action lawsuit.
And btw, is 'Consumer Reports' really the organization we want leading this research? While I understand that this is in fact a consumer issue, I'm just not so sure these are the people I want in the vanguard of this somewhat shaky business.