Tuesday, June 30, 2015

Lazy Security Vendors Make Life More Complicated


Inspired by the trials and tribulations Didier Stevens has to go through to make a tool capable of introducing the EICAR Standard Antivirus Test File onto systems for testing without getting blocked by security products elsewhere (like at the gateway or the IT admin's own desktop).

This shouldn't be difficult. It shouldn't require a special program at all, never mind rewriting the program to stay ahead of security tools, because the original specification stated that a file had to start with those special 68 bytes in order to be considered the test file. Anything else, including the EICAR web page I linked to, should be able to pass through security products unhindered precisely so that the test file can be easily transported to the systems that need testing. I mean, it was even designed so that you could fax it or read it out over the phone, for crying out loud.
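The difference between the specified rule and a match-anywhere rule, as an added example that is not part of the original post or any vendor's code. The trailing-whitespace allowance and 128-byte limit are taken from the EICAR specification rather than from the post, and the sample names and contents are constructed.

```python
# Added example (not from the original post).
# The 68-byte string is assembled from pieces so this listing never contains
# it contiguously and can itself pass a substring-matching scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE!" + rb"$H+H*")
assert len(EICAR) == 68

# Assumption from the EICAR specification (not stated in the post): trailing
# whitespace is allowed, up to 128 bytes in total.
TRAILING_OK = b" \t\r\n\x1a"
MAX_LEN = 128


def is_test_file(data: bytes) -> bool:
    """Spec-style check: the data must START with the 68 bytes."""
    if not data.startswith(EICAR) or len(data) > MAX_LEN:
        return False
    return all(b in TRAILING_OK for b in data[len(EICAR):])


def lazy_match(data: bytes) -> bool:
    """The behaviour the post complains about: match the string anywhere."""
    return EICAR in data


# Constructed samples, built in memory only.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar_crlf.com": EICAR + b"\r\n",
    "webpage.html": b"<html><body><pre>" + EICAR + b"</pre></body></html>",
    "test_tool.bin": b"MZ" + b"\x00" * 64 + EICAR,
}


def wrongly_blocked(samples: dict) -> list:
    """Names a substring scanner flags although they are not the test file."""
    return sorted(n for n, d in samples.items()
                  if lazy_match(d) and not is_test_file(d))


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:16} spec={is_test_file(data)!s:5} lazy={lazy_match(data)}")
    print("wrongly blocked:", wrongly_blocked(SAMPLES))
```

The web page and the tool that merely carry the string are flagged only by the match-anywhere rule, which is exactly what stops them reaching the machine under test.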

I can only imagine how Padgett Peterson must feel at seeing his efforts to make the test file easy to use wasted by lazy security vendors. Thanks to Didier for the effort in trying to reclaim some of that ease of use.