Monday, September 11, 2006

eicar-standard-anti-malware-test-file

ok, so i was either really early or a little late in saying something about the eicar standard anti-virus test file being repurposed for more general anti-malware usage...

this isn't an 'i told you so'... ok, maybe just a little... but c'mon, it's not like this was ever rocket science... spycar, supposedly an homage to eicar, was never necessary to test if anti-spyware apps were installed properly when the eicar file was just as good for that purpose... and as i stated before, as for any other sort of testing, spyware simulators really only tell you if your anti-spyware app can detect simulated spyware (and by simulated, i mean a rather poor simulation at that, as none of it seems particularly targeted to any unique property of spyware)... i knew it was going to be misused in testing (just as virus simulators were and sometimes still are misused in anti-virus testing), which is why i said that good spyware simulators were still a bad idea, and of course i was proven right...

so, now that spycar is obsolete and the eicar test file (you can't just call it eicar, by the way, since that's the european institute for computer anti-virus research) has been renamed (the file itself remains unchanged, though, just in case that wasn't clear to everyone) so as to be used to test that anti-spyware (and other anti-malware) scanners are installed and operating properly (there's just no good way to test that for behaviour-based systems without real malware), maybe now we can put the whole 'let's make a new testfile for our new anti-[something-or-other] industry' notion to bed once and for all... yeah, and maybe i'll find the pot of gold at the end of a rainbow...
