RE: how broken are antivirus products?

The problem is that your analogy is flawed. I'm not saying that you *cannot* test AV programs to see if they work. I'm saying that *if* you're going to test them, you need to test them in a rigorously controlled test environment where you can control the variables. Otherwise your testing methodology is flawed, and any conclusions you reach based on your tests will be flawed.

For example, to be considered a *viable* copy of a particular virus, test labs will replicate the virus multiple times. This ensures the researcher that the copy he is testing the AV software against actually *is* the virus, and not an altered version of the virus which may or may not replicate. To do this type of testing, you need an isolated lab of test machines that are networked to each other and to *nothing* else, in order to contain the infections. And after every replication, you must rebuild the machines to their "normal" state, to ensure you don't get contamination which skews your test results.

Now, if *you* want to go to those lengths to test virus samples, be my guest. The world will applaud you for the effort.

But testing your AV products against copies that you've gotten from (wherever) without ensuring they are still viable copies of the virus, is *not* valid testing of the products. And you *should* be roundly criticized for that, because you give a false impression of the capabilities of an AV product - just as the pc rags frequently do when they find certain vendors' products to be the best, when in fact the lab tests show otherwise.

Paul Schmehl (pauls@utdallas.edu)
TCS Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

> -----Original Message-----
Received on Mon Nov 25 22:50:20 2002