[python-uk] Reviewing third-party packages

PyUK at getaroundtoit.co.uk
Thu Jul 27 19:27:04 EDT 2017


S, (Andy and Mike)

Yes, you've hit a couple of pertinent points; and it might make for an 
interesting project.

However, I was looking for a check-list or similar which I can give to 
the pertinent dev.teams to ensure that they are 'covering all the bases' 
- whereas the question: "have you checked 'everything'?" produces a 
rather predictable response.

I'm thinking someone wiser than I will have written these things down - 
just can't find such...



On 28/07/17 02:25, S Walker wrote:
> Exactly my point, yes - especially if one were to make a framework 
> designed to easily analyse such things (when it becomes much easier for 
> the malware because it for instance could just check whether the 
> framework is in the current env (as a super-trivial example - but any 
> framework that is easy to run is likely to be easy to adapt to for this 
> sort of code)).
> 
> It'd certainly be feasible to check for outgoing calls though, at least 
> for relatively simple cases (on-import, when calling with particular 
> args), but I think the licensing, etc issues are probably easier to 
> solve-ish and maintain, so probably a better starting point. This is 
> just a gut feeling though- I've done this stuff manually in the past 
> when I've needed to.
> 
> Thanks,
> S
> 
> On 27/07/17 14:41, Mike Eriksson wrote:
>>
>>
>> On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson <andy at reportlab.com> wrote:
>>
>>     On 27 July 2017 at 15:33, S Walker <walker_s at hotmail.co.uk> wrote:
>>     > I suspect malicious phone-home (and other deliberately malicious security)
>>     > stuff would be very difficult to automatically test for
>>
>>     Presumably you want to spy on outbound network activity from your test
>>     machine, rather than analysing code?
>>
>>
>> That is if they haven't written their code so it is aware of the 
>> characteristics of 'malware analytics environments'. Basically it's 
>> dormant if it thinks it is being observed. Something which is very 
>> common these days. At least at the cutting edge of such things.
>>
>> Cheers, Mike

-- 
Regards,
=dn
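
Added example, not part of the original message or thread: one way to run the simple on-import case of the "check for outgoing calls" idea from the quoted replies, using Python's audit hooks (`sys.addaudithook`, Python 3.8+). The names `audit_import`, `write_sample`, `sample_pkg` and the two sample modules are constructed for illustration; as the thread notes, code that stays dormant when it thinks it is being observed would not be caught this way.

```python
import importlib
import os
import sys
import tempfile

# Audit events (Python 3.8+) treated here as "outgoing call" signals.
WATCHED = {
    "socket.connect": lambda a: a[1],        # args: (sock, address)
    "socket.getaddrinfo": lambda a: a[:2],   # args: (host, port, ...)
    "socket.gethostbyname": lambda a: a[0],  # args: (hostname,)
    "subprocess.Popen": lambda a: a[0],      # args: (executable, ...)
}
_state = {"active": False, "events": []}

def _hook(event, args):
    # Audit hooks cannot be removed, so the hook is gated by a flag.
    if _state["active"] and event in WATCHED:
        _state["events"].append((event, WATCHED[event](args)))
        # Raising from the hook aborts the operation: nothing leaves the box.
        raise PermissionError(f"blocked {event} during import audit")

sys.addaudithook(_hook)

def audit_import(search_dir, module_name):
    """Import module_name from search_dir; return (events, import_error)."""
    _state["events"] = []
    sys.path.insert(0, search_dir)
    importlib.invalidate_caches()
    error = None
    _state["active"] = True
    try:
        importlib.import_module(module_name)
    except Exception as exc:  # the package may or may not swallow the block
        error = exc
    finally:
        _state["active"] = False
        sys.path.remove(search_dir)
        sys.modules.pop(module_name, None)
    return list(_state["events"]), error

def write_sample(body):
    # Hypothetical helper: writes a constructed one-module package to a temp dir.
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "sample_pkg.py"), "w") as fh:
        fh.write(body)
    return d

# Constructed samples: one connects on import and hides the failure, one is clean.
PHONES_HOME = ("import socket\ntry:\n"
               "    socket.socket().connect(('127.0.0.1', 9))\nexcept Exception:\n    pass\n")
CLEAN = "VALUE = 42\n"
```

A non-empty event list for a package that has no reason to touch the network at import time is the item to put on the review checklist.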

