[python-uk] Reviewing third-party packages
PyUK at getaroundtoit.co.uk
Thu Jul 27 19:27:04 EDT 2017
S, (Andy and Mike)
Yes, you've hit a couple of pertinent points; and it might make for an
interesting project.
However, I was looking for a check-list or similar which I can give to
the pertinent dev.teams to ensure that they are 'covering all the bases'
- whereas the question: "have you checked 'everything'?" produces a
rather predictable response.
I'm thinking someone wiser than I will have written these things down -
just can't find such...
On 28/07/17 02:25, S Walker wrote:
> Exactly my point, yes- especially if one were to make a framework
> designed to easily analyse such things (when it becomes much easier for
> the malware because it for instance could just check whether the
> framework is in the current env (as a super-trivial example- but any
> framework that is easy to run is likely to be easy to adapt to for this
> sort of code).
>
> It'd certainly be feasible to check for outgoing calls though, at least
> for relatively simple cases (on-import, when calling with particular
> args), but I think the licensing, etc issues are probably easier to
> solve-ish and maintain, so probably a better starting point. This is
> just a gut feeling though- I've done this stuff manually in the past
> when I've needed to.
>
> Thanks,
> S
>
> On 27/07/17 14:41, Mike Eriksson wrote:
>>
>>
>> On Thu, Jul 27, 2017 at 2:39 PM Andy Robinson <andy at reportlab.com> wrote:
>>
>> On 27 July 2017 at 15:33, S Walker <walker_s at hotmail.co.uk> wrote:
>> > I suspect malicious phone-home (and other deliberately malicious
>> > security) stuff would be very difficult to automatically test for
>>
>> Presumably you want to spy on outbound network activity from your test
>> machine, rather than analysing code?
>>
>>
>> That is if they haven't written their code so it is aware of the
>> characteristics of 'malware analytics environments'. Basically it's
>> dormant if it thinks it is being observed. Something which is very
>> common these days. At least at the cutting edge of such things.
>>
>> Cheers, Mike
--
Regards,
=dn