New viruses created for tests: necessity or foolery?
Saturday, 02 September 2006

Consumer Reports recently came under heavy criticism from many companies in the anti-virus industry for creating about 5,500 new virus variants to test a new antivirus product. In fact, it only modified known viruses on a grand scale for an anti-virus software test, and none of the new viruses has found its way into the wild. Even so, this “testing method” drew strong criticism.

Over 100 security experts from companies such as Microsoft, HP, F-Secure, McAfee, Sophos and Symantec signed a letter that reads as a denunciation of Consumer Reports’ initiative. The declaration is based on the principle that it is "not necessary and ... not useful to write computer viruses to learn how to protect against them."

The declaration is supported by a wide bibliography including contributions from universities all around the world. The critics' most common objection is that, considering the huge number of viruses still in circulation, there was no need for new ones!

But actually, the creation of new malware contributes to more effective anti-virus testing, and as the expert Jürgen Schmidt pointed out in his review on heise security, it is definitely necessary. He writes:

“Known viruses no longer represent any great danger for users with anti-virus software - pretty much every product will recognise them reliably. The real danger lies with the estimated 250 new malware programs that are released every day. And recognising these as a threat is where many anti-virus products still fail miserably. It is in fact shockingly easy to modify an existing virus so that it is no longer recognised by an anti-virus scanner from its signature alone. What woke me up to this fact was when I created a "new virus", unrecognisable to many anti-virus scanners, from what was at the time the relatively new, "I love you" virus, simply by finding and replacing variable names.

Regular tests in c't using trivial CIH, Optix and RDBot variants confirm this result even today. Naturally this is something the anti-virus industry does not want to hear. They're happier grabbing hold of the nearest propaganda stick by comparing, like Cluley, the testers with arsonists.”

An acceptable alternative to the creation of new viruses would be 'retrospective tests', which require scanners with outdated signatures to recognise current viruses. Unfortunately, this solution wouldn’t be effective at all, because virus writers could influence the results; moreover, these tests do not provide an analysis of the malicious software and do not make it possible to determine how easy it is for a virus scanner to detect it.

So, the answer to the question “was it necessary?” would be yes. But what about the other question: “what if these new viruses find their way into the wild?” Maybe the presence of some new malware won’t be such a problem, but we cannot tell yet.

Any further consideration is up to our readers.   

