
Consumer Reports AV Scandal

Consumer Reports recently conducted a test of the major anti-virus software on the market. Instead of using known malware, they went a step further and modified the viruses slightly to test the detection rates. The AV market didn't do very well, as expected. The problem is the subsequent backlash by the AV industry.

Igor Muttik posted on McAfee's blog about the perceived inappropriate behavior. His argument is that you should not make new malware under any circumstances. It's been fairly well known in the research community that simple modifications to a virus, such as changing the nop instructions, are enough to fool most of the major vendors. The test that was conducted by Avi Rubin's company is what actual virus writers would perform. This test is fair and accurate in my view.

The truth of the matter is that AV does not perform as well as it should. Consumer Reports is doing the right thing by benchmarking this software under real-world conditions.

eWeek Opinion article on it

Ethics and Virus Testing

Opinion: How come discovering vulnerabilities and writing exploits is "research," but viruses for testing is a crime against humanity?

http://www.eweek.com/article2/0,1759,2005814,00.asp

This is an excellent

This is an excellent article. The asymmetric treatment certainly is inappropriate.

"Snakeoil Exposed"

Well at least someone with a credible, non-biased opinion is correctly evaluating AV software. Maybe now their business model will switch to more accurate detection rather than selling bulk signature updates.....

This post is brought to you by:
Mytob.A - Mytob.ZF2MQBA

Which varied almost insignificantly other than changing packers and email messages.

-Patrick

Another interesting hypocrisy

So in Igor Muttik's blog he states that it's a "rule" not to create new malware. What about all the entries in McAfee's vx info database, as well as Symantec's, that are labeled Zoo Virii and in the footnotes indicate that they were created for testing purposes and never released?

Just query Google for:

"zoo virus" site:

Example:

McAfee
http://vil.nai.com/vil/content/v_10459.htm
then click Characteristics

Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2005-012512-1124-99

Zoo virii gone wild

http://www.kaspersky.com/news?id=79

major av vendor whining

Good points, chamuco. The major av vendors whine every time a test shows how easy it is to evade their products. It would be great if they would spend more on researching and developing their products than marketing them.

I like comment #4 in response to more misinformation...
http://antivirus.about.com/b/a/257701.htm
http://antivirus.wpadmin.about.com/?comments_popup=257701