Monday, August 21, 2006

reactions to the consumer reports virus creation effort

there's been surprisingly little attention paid to the fact that SANS internet storm center distributes malware but when news broke about consumer reports creating new viruses the shit definitely hit the fan...

authentium, mcafee, kaspersky labs, and eset all came out and expressed their disapproval and disappointment at consumer reports' irresponsible actions... sunbeltblog also came out with a great analysis of what's so wrong about what consumer reports did...

of course not everyone agrees... larry seltzer actually tries comparing writing viruses with writing exploits, apparently ignorant of the fact that, while exploits can demonstrate the existence of software flaws and therefore aid in their correction, viruses demonstrate no such flaws or anything else of comparable benefit to society... security curve also questions what all the commotion is about (and i've tried to share what i know there)...

that said, i think the most insightful comment (yes, prepare yourselves folks, i'm going to agree with someone again) came from david harley in his response to rob slade's securiteam blog entry... i'll paraphrase here - 1) you can test heuristics without creating new viruses, 2) people (even others in the security field) still don't understand av technology, and 3) people don't trust the av industry/community...

it's easy enough to get across the idea that you can test heuristics without creating new viruses, but the ignorance and mistrust are much bigger problems that really need to be addressed... more attention needs to be paid to the various social dimensions of the virus problem or these kinds of things will keep happening...
