Focus on Virus
RE: Extracting signature snippets from AV databases May 10 2006 05:02PM
Bill Stout (bill stout greenborder com) (2 replies)
RE: Extracting signature snippets from AV databases May 11 2006 01:58AM
Nick FitzGerald (nick virus-l demon co uk)
Bill Stout wrote:

> For internal testing we run publicly sourced live viruses and other
> malware in an isolated locked room, where the only media that comes out
> is shredded.
>
> What I'm trying to figure out is how to 'smoke test' new builds, and to
> ethically and fully demonstrate (to the CEO, to outsiders) that the
> protection works. We're in alpha test, and beta is approaching fast.

VMware on a beefy laptop with no writable media drives and its
ethernet, USB, FireWire, etc ports bunged up to ensure there were no
accidents??

You'd want a machine with a removable drive bay so you could insert
floppy/optical drives for reconfiguration, etc in the lab, or a machine
with easily removable HDD that you could drop into a suitable chassis
and connect to another machine in the lab as a slave drive...

That should give you a relatively safe, isolated multi-machine network
with the carry-around convenience of a laptop. You can then use _real_
samples so there should be no question that you may be faking something
with your "demonstration malware".

Regards,

Nick FitzGerald

Re: Extracting signature snippets from AV databases May 10 2006 06:51PM
Kenneth Bechtel (kbechtel teamanti-virus org)


 

Copyright 2010, SecurityFocus