Monday, April 28, 2008

what is malware qa?

malware quality assurance is a process in which malware writers test their malware in order to determine whether the malware meets the degree of effectiveness they had hoped for (and obviously one where they throw out those instances that don't meet the grade)...

malware quality assurance indicates a level of maturity and professionalism on the malware writer's part, and although the term could be used to describe a variety of things (some as banal as running a virus to see if it reproduces), it is generally used to refer to the practice of running a large number of anti-malware scanners on a given sample to determine how likely that sample is to go undetected when used in the wild (which may thereby establish an objective measure of the malware sample's monetary worth)...

it is sometimes incorrectly suggested that anti-detection malware qa underscores a weakness in traditional signature-based known-malware scanning... in reality, any new piece of malware will bypass a good known-malware scanner (because the good ones are so exacting as to eliminate false alarms) so long as it's not a byte-for-byte match with a previously known piece of malware - this is by definition, and there's no need to perform any quality assurance tests to prove it... malware qa is actually an attack against heuristics, because it is the heuristic engines that would be detecting these new/unknown malware samples the malware writers are testing, not the known-malware scanning engines...
