Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumer Reports Creates Viruses to Test Software

Posted by ryuzaki0 on from the trial-by-fire dept.

Maximum Prophet writes to mention an MSNBC article about a Consumer Reports plan to test anti-virus software by creating viruses. Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason. From the article: "Consumer Reports didn't create thousands of new viruses from scratch. Rather, it took a handful of existing viruses and created hundreds of slight variants, changing the malicious programs just enough to evade detection by an antivirus program with a list of known threats. That's a common trick in the virus writing world; it's standard for a successful virus to inspire dozens of variants. "

6 of 241 comments (clear)

  1. Of course they are... by Theaetetus · · Score: 5, Insightful
    Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason.
    Well, yeah. Plus, you'll expose all the weaknesses in their software. Testing security only emboldens the terrorists!
    1. Re:Of course they are... by Bastian · · Score: 5, Insightful

      Of course, this isn't really why they are objecting. Whatever McAfee and Symantec say, writing proof-of-concept exploits seems like standard practise to me. My best guess is that their fear is that this might cut into their profits because Consumer Reports is going to make the non-geek public more aware of the limitations of antivirus software. This could make them decide, "Well, if it can't protect me from all the viruses, especially not the new ones, than maybe it's not worth the money."

      Of course, Consumer Reports is almost certainly responsible enough to address this issue and point out to people that it's really a reason why they need to be updating their virus definitions as frequently as is practical.

    2. Re:Of course they are... by Hoi+Polloi · · Score: 5, Insightful

      I hear the Yale company is still furious over the time Consumer Reports tried a bunch of random combinations on their locks.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    3. Re:Of course they are... by vought · · Score: 5, Insightful

      that it's a generally accepted practice not to create viruses for any reason

      It was generally accepted practice for 50 years not to crash perfectly good cars. Until we started learning that we could protect the occupants of said cars better by finding out where the weak points were...by crashing perfectly good cars.

      What are Symantec. et al afraid of?

  2. Re:Hey, if it's good for AV products... by ifrag · · Score: 5, Insightful

    I'll take a stab at that first example of attempting to break into [a] home, since that's the only one that's comparable to what it seems they are doing. If CR wants to setup a test home in which to practice breaking in that's fine, it's their property and they can do with it what they want. It's a test scenario... saying they'd go out and break into consumer homes is not a good parallel. Consumer Reports is (hopefully) not going to create any public security risk in their process if it really is self contained. As long as it stays within their little "sandbox" I don't see what the problem is. The second two examples deal with people instead of objects so it obviously doesn't make for an easy expendable test case.

    --
    Fear is the mind killer.
  3. Re:Speaking as one who has been burned... by Guysmiley777 · · Score: 5, Insightful

    If they can guarantee containment

    How hard is it to unplug a network cable in your world? Don't use a machine with a WiFi card. Low level wipe the drives from a bootable CD when you're done. Not really rocket science.

    --
    Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.