EICAR... my friend!

  • Thread starter Arnold McDonald (AMcD)

kurt wismer

Bart Bailey wrote:
[snip]
This open examination of AV scanning vulnerabilities is indeed a service
to the whole internet community that may have to rely on such
applications, and there can never be too much light shone on these
topics, despite your reservations.

"vulnerabilities" is the wrong word here... it sounds too much like
something that was accidental and can be fixed... what the individual
actually stumbled across were 'limitations' of scanning... there are,
theoretically, a countably infinite number of ways to modify any given
binary, most of which result in something that is not recognizable as
being a modification of an otherwise known thing... it's an intractable
problem...

[snip]
You don't really think someone will make the necessary sacrifices to
attend Uni to merely write malware do you, how will they feed their
family?

are we talking university of calgary here? it's in canada... i don't
know if you know this but one can finance most if not all of one's
education with student loans in canada (i know, i did)... it's not
uncommon to default on the subsequent loan repayments (that part i
didn't do, yet)... why should a wannabe malware writer be any different?
 
FromTheRafters

Arnold McDonald (AMcD) said:
Well, I don't see the word "cached"... ;o)

Cache is storage, especially concerning web pages stored
locally. I just thought it was a funny disclaimer, and wanted
to point out the impossibility of compliance.
 
Tim

are we talking university of calgary here? it's in canada... i don't
know if you know this but one can finance most if not all of one's
education with student loans in canada (i know, i did)... it's not
uncommon to default on the subsequent loan repayments (that part i
didn't do, yet)... why should a wannabe malware writer be any different?

I dunno when you finished school, but the rules have changed in
regards to defaulting on student loans. You can no longer default on
such loans. Gov't legislation says that you cannot avoid paying
student loan debt for 10 years after the end of their schooling.

If you want to default on that loan, you'll have to take out a
personal loan/put it onto your unsecured credit cards for the amount
lent to you via student loans, pay for a year or two, and then
default.

I haven't gone that route, but I do know people who have.
 
Bart Bailey

[snip]
You don't really think someone will make the necessary sacrifices to
attend Uni to merely write malware do you, how will they feed their
family?

are we talking university of calgary here? it's in canada... i don't
know if you know this but one can finance most if not all of one's
education with student loans in canada (i know, i did)... it's not
uncommon to default on the subsequent loan repayments (that part i
didn't do, yet)... why should a wannabe malware writer be any different?

Those sacrifices are more than just the tuition, which could come from
the parents that spoiled him rotten enough to become a motivated VXer,
but the amount of time with other required for credit classes to earn
his diploma.
Curious;
Is the VX coding class offered at the freshman level,
so someone could do a hit and run as you suggest?

Bart
 
Frederic Bonroy

kurt said:
how quickly we forget, the simulators were only 1 of his sins... i'm
referring to the real (though severely retarded) viruses he made and
peddled under the guise of safe viruses... they were originally add-ons
to his basic simulator package that folks could buy from him, but
eventually he rolled it into the main package and in so doing got turfed
from simtel because of f-prot's distribution constraints...

I had heard of some problems with Simtel and F-Prot but I wasn't aware
that he had included real viruses in his package. I don't really see
the point of selling retarded viruses (safe or not), and I don't see
the connection between this and the article we're discussing.
 
kurt wismer

Bart said:
I thought it was the ASP that he had his bitch with?

that was a different fight, but for much the same reasons... he got
turfed from ASP as well... they didn't take kindly to unknowingly
distributing his viruses...
 
Frederic Bonroy

kurt said:
if i'm not mistaken it's not the article itself that's being discussed
here, but rather a contribution you made to it...

???

I didn't make any contribution. I made comments. Nothing else.
 
kurt wismer

Bart said:
[snip]
You don't really think someone will make the necessary sacrifices to
attend Uni to merely write malware do you, how will they feed their
family?

are we talking university of calgary here? it's in canada... i don't
know if you know this but one can finance most if not all of one's
education with student loans in canada (i know, i did)... it's not
uncommon to default on the subsequent loan repayments (that part i
didn't do, yet)... why should a wannabe malware writer be any different?


Those sacrifices are more than just the tuition, which could come from
the parents that spoiled him rotten enough to become a motivated VXer,
but the amount of time with other required for credit classes to earn
his diploma.
Curious;
Is the VX coding class offered at the freshman level,
so someone could do a hit and run as you suggest?

freshman? i don't really know what that is... i understood it to be an
undergraduate level course (ie. something you take while trying to get
your bachelor degree), but maybe i misunderstood... if it's a graduate
level course (one you take on your way to getting a masters degree or
better), then one may very well get paid to take it...
 
kurt wismer

Frederic said:
kurt wismer wrote:




???

I didn't make any contribution. I made comments. Nothing else.

my mistake then, i obviously misread something way back in the thread
then...
 
kurt wismer

Bart said:
Thinking in terms of the American style;
Freshman - first year
Sophomore - second year
Junior - third year
Senior - fourth year
Usually have a Bachelors by now
several (usually two) more years to get a Masters
then several more for the Doctorate

see, now we had a much simpler and more straightforward way of breaking
things up...

first year - first year
second year - second year
etc . . .

masters and phd are about the same as you describe though...

gosh i miss school... it's a shame it was so expensive... 6 years of
student loans have given me a student debt the size of a small mortgage...

If the coding class is an undergraduate (first year) course,
then someone could just take it and scoot, no more hard work.

if one really wanted to one could just audit the class... it only costs
time (no money, no course requirements, no great sacrifices, etc)...
 
Nick FitzGerald

Bart Bailey said:
Thinking in terms of the American style;
Freshman - first year
Sophomore - second year
Junior - third year
Senior - fourth year

From memory (and I really don't care enough to go back and find it), the
course prescription code (or whatever they call them in Canada) was a
400-level number ("4xy" or "4xyz"), so presumably it is the Canadian
equivalent of Bart's "Senior year", if there is such a thing??

Regardless, I do seem to recall that the course was "defended" _partly_
on the grounds that it was only available to "senior" or "advanced"
(possibly Masters-level even?) students.
 
kurt wismer

Nick said:
Although that may generally be true, this course was "approved" or
"accepted" on the terms that it had special entry requirements that I
doubt could be met by an audit student.

what i mean is that if you want to hear what they have to say, go in the
room, sit your ass down in a chair and listen... i've never heard of a
class that asks its students to present proof of enrollment before the
lecture begins...

Also, it is often the case here (don't know about elsewhere but will
assume the same) that students auditing a course cannot take part in
practical, laboratory, etc classes (usually because of the cost factor
and as they don't pay, they don't get access to those resources).

true enough, labs do sometimes have lists of students who are supposed
to be there (generally the folks enrolled in a course are split into
much smaller groups for the purposes of labs so some manner of student
authentication becomes feasible)...

_If_ that is the case at UCalgary then the "hands on" malware writing
part of the course would be denied to auditing students as that type
of activity is supposed to be (although you've already discussed that
aspect of this hare-brained scheme) limited strictly to the lab
sessions and environs.

heavens to betsy, they'll have to practice at home...

isn't that the main worry, anyways? are we really concerned about the
lab specimens (which, by the way, i'm sure will be coded to the
professor's specifications - interpret that as you will) that are
supposedly going to be coded on a closed network where there's no
outside access?

it's not the folks who follow the rules that i'd worry about, it's the
ones that think outside the box...
 
Iceman©

Nick FitzGerald wrote:
I can't speak for him but I think the article enquires more than it
states, so it's meant to be explorative rather than authoritative.
It's an interesting analysis of how AV programs react. Given the
constraints imposed by the definition of the EICAR, it may not make
sense to conduct such an analysis from the *scientific* point of
view but it's surely interesting for us, the "populace".


This way of speaking is like listening to Lt. Commander Data from Star
Trek :)

sorry just find it interesting.
 
