Slashdot Mirror

← Back to Stories (view on slashdot.org)

Consumer Reports Creates Viruses to Test Software

Posted by ryuzaki0 on from the trial-by-fire dept.

Maximum Prophet writes to mention an MSNBC article about a Consumer Reports plan to test anti-virus software by creating viruses. Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason. From the article: "Consumer Reports didn't create thousands of new viruses from scratch. Rather, it took a handful of existing viruses and created hundreds of slight variants, changing the malicious programs just enough to evade detection by an antivirus program with a list of known threats. That's a common trick in the virus writing world; it's standard for a successful virus to inspire dozens of variants. "

14 of 241 comments (clear)

  1. Of course they are... by Theaetetus · · Score: 5, Insightful
    Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason.
    Well, yeah. Plus, you'll expose all the weaknesses in their software. Testing security only emboldens the terrorists!
    1. Re:Of course they are... by Anonymous Coward · · Score: 5, Funny

      Testing security only emboldens the terrorists!

      Why does Consumer Reports hate America?

    2. Re:Of course they are... by Bastian · · Score: 5, Insightful

      Of course, this isn't really why they are objecting. Whatever McAfee and Symantec say, writing proof-of-concept exploits seems like standard practise to me. My best guess is that their fear is that this might cut into their profits because Consumer Reports is going to make the non-geek public more aware of the limitations of antivirus software. This could make them decide, "Well, if it can't protect me from all the viruses, especially not the new ones, than maybe it's not worth the money."

      Of course, Consumer Reports is almost certainly responsible enough to address this issue and point out to people that it's really a reason why they need to be updating their virus definitions as frequently as is practical.

    3. Re:Of course they are... by Hoi+Polloi · · Score: 5, Insightful

      I hear the Yale company is still furious over the time Consumer Reports tried a bunch of random combinations on their locks.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    4. Re:Of course they are... by vought · · Score: 5, Insightful

      that it's a generally accepted practice not to create viruses for any reason

      It was generally accepted practice for 50 years not to crash perfectly good cars. Until we started learning that we could protect the occupants of said cars better by finding out where the weak points were...by crashing perfectly good cars.

      What are Symantec. et al afraid of?

    5. Re:Of course they are... by Anonymous Coward · · Score: 5, Funny

      > IMHO this tic for tac will go on forever.

      Yes, it's one of the French benefits.

    6. Re:Of course they are... by Anonymous Coward · · Score: 5, Funny
      Who won ?

      The viruses.

    7. Re:Of course they are... by Jesus_666 · · Score: 5, Funny

      Well, one of these new virii could leave the laboratory and get into the wild. With a bit of bad luck, that virus could be a dangerous mutation - I'm not talking Melissa dangerous, I'm talking H5N1 dangerous. Just one tiny mutation and the virus could jump over to humans, creating a worldwide pandemia as people's immune sytem collapse, unable of keeping up with polymorphic virii that inject their own code into the header of the genetic sequence so that they're uncleanable without working from known-clean marrow. And you know what could be even worse? Worms. If they add a self-propagation mechanism to their new killer virus it would infect random bystanders without the need for a regular infection vector! Those people aren't developing weapons of mass destruction, they're creating doomsday devices! Somebody must put an end to this before it's too late!

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  2. Hey, if it's good for AV products... by TripMaster+Monkey · · Score: 5, Funny

    Be sure to read our other Consumer Reports articles, where we:
    • Test the efficacy of burglar alarms by attempting to break into consumers' homes,
    • Test the efficacy of the 'morning after' pill by creating unwanted pregnancies,
        - and -
    • Test the skill of your local emergency room doctor by randomly stabbing people outside the hospital.

    Thanks, Consumer Reports. Thanks bunches.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:Hey, if it's good for AV products... by krell · · Score: 5, Funny

      "Test the efficacy of the 'morning after' pill by creating unwanted pregnancies"

      Hey, there has to be something out there that security penetration testers can moonlight in, right?

      --
      Where were you when the voynix came?
    2. Re:Hey, if it's good for AV products... by ifrag · · Score: 5, Insightful

      I'll take a stab at that first example of attempting to break into [a] home, since that's the only one that's comparable to what it seems they are doing. If CR wants to setup a test home in which to practice breaking in that's fine, it's their property and they can do with it what they want. It's a test scenario... saying they'd go out and break into consumer homes is not a good parallel. Consumer Reports is (hopefully) not going to create any public security risk in their process if it really is self contained. As long as it stays within their little "sandbox" I don't see what the problem is. The second two examples deal with people instead of objects so it obviously doesn't make for an easy expendable test case.

      --
      Fear is the mind killer.
  3. Symantec et al. are stupid by Evro · · Score: 5, Interesting

    Security companies are objecting, on the grounds that it's a generally accepted practice not to create viruses for any reason.

    You mean they aren't already doing this internally? If not... what the hell are they doing all day? If they're just being reactive without testing their software against possible variants then their software isn't really useful. Though frankly I find antivirus software to be a cure worse than the disease. A 1/100 chance I'll get a virus that does bad things to my computer, or a 100% chance that my computer will run like crap due to NAV.

    Solution? Backup all my documents (mostly pics) to a dvd monthly and trust my Linux box firewall/router/proxy to keep the bad bits out.

    --
    rooooar
  4. Re:Speaking as one who has been burned... by Guysmiley777 · · Score: 5, Insightful

    If they can guarantee containment

    How hard is it to unplug a network cable in your world? Don't use a machine with a WiFi card. Low level wipe the drives from a bootable CD when you're done. Not really rocket science.

    --
    Coding with assembly is like playing with Legos. Coding an application in assembly is like building a car with Legos.
  5. The real thing is by Sycraft-fu · · Score: 5, Interesting

    AV software WILL protect you from new viruses... Just not McAfee and Symantec's crap. Well I suppose I should rephrase: Their software can protect you, but not very well, not as well as others. Bitdefender appears to do the best job at finding viruses that it doesn't have in it's DB. AVG also seems to do a pretty good job.

    That's what they are afraid of. Not that it will be revealed their software does nothing, it does work, just that there is cheaper software that works better.