AV Vendors Flip Over CU's 'Dummy Viruses'

Is it Consumer Reports' methods or results they don't like?



The antivirus community is crying foul over a consumer magazine's tests of their products, which included creating 5,500 dummy viruses to see how well the AV programs handle the unknown.

Consumers Union, the well-respected consumer product testing organization and publisher of Consumer Reports, decided it was pointless to test antivirus programs against already known viruses.

"If signatures were updated instantaneously, you would never need prediction. You'd always be protected. But it doesn't always work that way, obviously," said Evon Beckford, senior director of electronics operations for Consumers Union.

The aim of the tests was to see whether a program is capable of recognizing variants of known viruses. The company licensed a third-party lab to create 5,500 "test" viruses for its report; the vast majority are variants of known viruses.

Consumer Reports managed to do something no one else has done. It got antivirus vendors to all agree on one thing: They hated the idea.

"The AV community has always been very strongly opposed to the creation of new malware for any purpose," said John Hawes of Virus Bulletin, in a blog entry. "There's just no need for it - plenty of new viruses are being written all the time, why would anyone in a responsible position want to add to the glut?"

"Creating new viruses for the purpose of testing and education is generally not considered a good idea - viruses can leak and cause real trouble," said Igor Muttik of McAfee in his own blog.

"This is a really unwise thing to do. There are plenty of 'real' viruses, worms and Trojans around without well-meaning organizations generating more of them, for whatever reason," said David Emm, senior technology consultant at Kaspersky Labs.

You would think CR had been playing with Ebola strains in a buffet line of the Bellagio Hotel, judging by the industry's reaction.

Only Symantec held its tongue, declining to comment when contacted by internetnews.com.

Peter Firstbrook, research director for information security and privacy at Gartner, is not very sympathetic. "The AV guys are being ridiculous," he said. "The biggest problem with the AV vendors is they are totally reactive to new viruses. They all do well on the known virus list. Big deal, so you can catch a known virus."

The reason for creating variants of known viruses is that most viruses are just modifications of existing viruses. "If you're a virus writer, particularly an inexperienced one, that's what you do, modify an existing one. You don't try to create a new exotic virus," said Beckford.

This article was first published on InternetNews.com.
