Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×

Consumer Reports Creates Viruses to Test Software 241

Posted by Zonk from the trial-by-fire dept.
Maximum Prophet writes to mention an MSNBC article about a Consumer Reports plan to test anti-virus software by creating viruses. Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason. From the article: "Consumer Reports didn't create thousands of new viruses from scratch. Rather, it took a handful of existing viruses and created hundreds of slight variants, changing the malicious programs just enough to evade detection by an antivirus program with a list of known threats. That's a common trick in the virus writing world; it's standard for a successful virus to inspire dozens of variants. "
This discussion has been archived. No new comments can be posted.

Consumer Reports Creates Viruses to Test Software More

Consumer Reports Creates Viruses to Test Software

Comments Filter:

  • Re:Of course they are... (Score:3, Informative)

    by Guysmiley777 ( 880063 ) on Friday August 18, 2006 @01:50PM (#15936048)
    Testing security only emboldens the terrorists!

    I wish I still had mod points, that is the funniest thing I've read today!

  • Crying Wolf? (Score:3, Informative)

    by bbernard ( 930130 ) on Friday August 18, 2006 @02:18PM (#15936237)
    FTA: "'Those viruses exist right now only on a CD in a sealed container in a locked cabinet in our computer lab,' Beckford said."

    Seriously, it's not like these will ever exist outside of a lab, right? And if they do, the AV companies won't have any problem finding the source code, will they?

    Isn't that kind of like telling the insurence institue that they can't change their car crash tests because car makers designed their cars only for specific crash tests? Gee, better not create anything that a car might run into, it's bad ethics!

  • Eicar file is of limited use (Score:4, Informative)

    by bbernard ( 930130 ) on Friday August 18, 2006 @02:24PM (#15936285)
    The eicar test-virus file is a great way to see how your computer/av-suite will react to a virus. However, it's not an effective test to see how the heuristics systems and such react. It's non-destructive, and every AV vendor makes sure that they can "catch" it. That's nice for making sure that your AV is running, or that your AV on some workstation reports back to the management computer that it caught a virus, but not for testing the ability of AV software to find new viruses that don't necessarily have definitions written for them yet.

  • It's not "plan to", CR already did it. (Score:3, Informative)

    by djan ( 121552 ) on Friday August 18, 2006 @02:40PM (#15936385)
    The /. summary says that "plan to test anti-virus software by creating viruses."

    TFA says "Consumer Reports recently conducted one of the most thorough tests ever of antivirus programs. But to really put these security programs through the paces, the magazine hired a firm to create 5,500 new viruses, using them to test the antivirus software products for their ability to detect unexpected threats."

    By the way: "In the results, McAfee scored in the middle of the pack. BitDefender and Zone Labs scored at the top, in part for the two program's abilities to detect new viruses."

  • Re:Hey, if it's good for AV products... (Score:1, Informative)

    by Anonymous Coward on Friday August 18, 2006 @04:20PM (#15937051)
    Sorry, cable TV has already tackled the first one. Discovery Channel has a show called http://dsc.discovery.com/fansites/ittakesathief/it takesathief.html [discovery.com]It Takes A Thief. Two thieves select a house, ask the homeowners permission to break in, set up cameras when they get permission and go to town. Since they have the homeowners permission, they fix all damages and they return everything, it's perfectly legal. Same thing if Consumer Reports asked permission of the homeowners or set up a test home that they owned.

  • Re:Corporate Honesty (Score:5, Informative)

    by jc42 ( 318812 ) on Friday August 18, 2006 @04:44PM (#15937190) Homepage Journal
    Heh, funny. But Consumer Reports does have a bit of a history of being sued by companies after serious problems with products were published by CR. CR also has a history of easily winning the few cases that actually go to court. Actually, the companies usually drop charges, after CR makes it clear that they'd be happy to demonstrate the problems in court. CR also often publishes their communications with such companies, which is not really good for sales.

    It could be fun to watch an anti-virus software company face CR in court. It would be at least as entertaining as the SCO soap opera. Maybe /. readers should be contacting the companies and encouraging them to sue CR. Think of all the /. articles that this could generate.

  • Re:The real thing is (Score:3, Informative)

    by pete6677 ( 681676 ) on Friday August 18, 2006 @05:13PM (#15937328)
    I've seen more machines screwed up by Norton than by any official "virus". You don't need Consumer Reports to tell you that. Why people keep paying money for this crap is beyond me.

Slashdot Top Deals

You knew the job was dangerous when you took it, Fred. -- Superchicken

Close