



Network Security Focus-Virus

RE: Consumer Reports AV and their 5,500 new variants

Subject: RE: Consumer Reports AV and their 5,500 new variants
Date: Wed, 6 Sep 2006 01:01:39 -0700

No noise makes life more complicated for me, when the boss thinks what
CR did is a great idea, and maybe we should do that too.  I bet that CR
article complicated life for many others working in companies with
security products.

"Rosenthal Virus Simulator" - That sensitive topic came up when I asked
about testing our product against malware.  The point that many
well-known experts on this board made was that an accredited (trusted)
lab perform the tests, and that creating malware was always bad, even
for testing.  

To quote from a letter signed by many on this list
(http://cybersoft.com/whitepapers/papers/open_letter.shtml) "Most
antivirus companies are under some form of self-imposed restrictions
that prevent them from knowingly creating new viruses or virus variants.
In addition, competent testing and certification bodies such as ICSA,
Virus Bulletin, Secure Computing, and AV-Test.org, do not create new
viruses or virus variants for testing.

Indeed, the consensus throughout the antivirus development and testing
community is that creating a new virus or variant for product testing
would be very bad - and totally unnecessary. To do so would undoubtedly
raise questions about their ethics."

Maybe opinions have changed on creating viruses in a closed test lab,
and it's no longer unethical.

Bill Stout


p.s. - The letter quoted was signed by:

Joe Wells - Francesca Thorneloe - Pavel Baudis - Kenneth L. Bechtel - 
Dr. Vesselin Vladimirov Bontchev - Shane Coursen - Joost De Raeymaeker -
Allan Dyer - Nick FitzGerald - David Harley - Dr. Jan Hruska - Jose
Martinez - Andreas Marx - Petr Odehnal - David Phillips - Peter V.
Radatti - Stuart Taylor - Robert Vibert - Eddy Willems - Righard J.
Zwienenberg - 


-----Original Message-----
From: Kurt Seifried [mailto:bt@seifried.org] 
Sent: Monday, September 04, 2006 10:24 PM
To: Bill Stout; focus-virus@securityfocus.com
Cc: rubin@jhu.edu
Subject: Re: Consumer Reports AV and their 5,500 new variants

Who cares if they aren't released. I'm willing to bet the testing firm/CR
is competent enough to do this on a closed network. I haven't heard anything
about these actually being released. If a tree falls in the forest, but the
forest is fenced off and no-one hears it, who cares. Maybe that's why there
is no noise.

-Kurt
 




