"Some birds aren't meant to be caged, their feathers are just too bright"- Morgan Freeman, Shawshank Redemption. This blog is from one such bird who couldn't be caged by organizations who mandate scripted software testing. Pradeep Soundararajan welcomes you to this blog and wishes you a good time here and even otherwise.

Tuesday, March 14, 2006

Hiring Virus for Testing !

Hi Reader,

For those who have already read my other posts , this is a better feast and for the first timers here , Good thing to start off !

One of my fellow tester read my posts and had sought some help in testing an online application. He was interested to know how to crash the online application to observe what happens to the data that was keyed in before the crash. I took sometime in thinking and jotted down a few points and sent a mail with those points.

When I read one of the point I had written , I myself was excited. Wow ! I had hit upon a very good point in testing and here it is for you.

__ Hiring Virus for Testing __

Once I was doing some maintenance work for one of my uncle's office PC , I usually enjoy doing it for my uncle and in one such instance my uncle was complaining that one of the PC's had some problems and he wants to reformat it. I asked "mams ( Tamil-Indian style of uncle ) do you know what formatting means ?" ...
"Each time I switch on the PC some bull shit comes up , that is why I would like to format"he added.
"Wait , I think someone has infected your computer , let me deal with those viruses" that's how I started on to investigate and found ...

Viruses that attack internet explorer - Their roles and responsibilities !
  • Such programs are a mixture of spyware+malware+virus+trojans+your sweet loop hole
  • Such programs do not allow to open any Anti Virus webpages and auto closes if opened.
  • Such programs do not allow download of any Anti Virus and auto cancels the download
  • Such programs are written by good programmers cum testers and are mostly bug free.

Exploiting Viruses for Testing Online Web Applications - ( am I the first to think this ? )

  1. As most of the banking transactions are web based security/crash/exploratory testing is of high priority and hence these viruses can show you where you need to improvise the code.
  2. Generic web based applications too can be tested with some spyware which try to steal and change data keyed in or stored in the application/database.
  3. When such powerful viruses are used for testing the applications it gives a competitive edge to the company deploying such a testing and wins customer's confidence.
  4. Companies like McAfee , Symantec , Trend Micro...etc .. can make more money by selling of their virus collections to companies who want to test their applications with viruses.
  5. Virus writers would come out and say "hey , I wrote it and you are making money" , catch them or hire them.
  6. This way of testing eliminates 're-inventing the wheel' time of writing scripts to test for those cases for which viruses are already there.
  7. This can help to track the exploratory testing and can give a better edge in testing and a bad time for the developers if a virus toast their lives revealing a severity 1 priority 1 bug.
  8. It would be interesting to see people across globe paying money to buy viruses to test their applications and believe me viruses too will be pirated soon.
  9. Mobile viruses too will get more scope as testing mobile applications would take a much better edge as m-commerce is picking up.

___ Hiring Virus for Testing ____

"Future looks infected , A graduate may submit a virus as his degree project"


Pradeep Soundararajan

Disclaimer : The usage of virus for testing such online/mobile applications is purely my own imagination and I am not responsible if you adopt it and you face a loss of data/code/anything you may loose due to this.Adoption at your own risk.


Nandan said...

A very interesting idea.

What do u mean viruses? The ones that are unleashed by hackers to bring down systems and networks? If thats the case then u do not have the source code for the virus. Its true that viruses can be classified based on their actions. But thats only guessing what the virus is doing by observing its actions. A good testing suite should of course knows what it does.

A tester is a hacker by the very definition of his job. He is supposed to bring down a system. Thats what hackers do. So tester's are professional hackers.

So testers will have a lot to gain by reading "Ethical Hacking then?

Pradeep Soundararajan said...


Yes as you say testers should be professional hackers but how about using the existing viruses which does the same job of what test script we are supposed to write for crashing something ?

Jaans said...

Gr8 thought.
Virus files can be of any form. It’s up to the virus programmer. McAfee, Symantec… etc, had updated (should have) their packages to handle the latest viruses and protect the applications. They are in a position to groom themselves with the future viruses also. As of now, with the help of anti-virus softwares (which has been updated with latest virus’s patch) we could safe guard our application. In this case, what is the need for running the test with old viruses (when we have the updates in hand for them)? We can only plan for the future viruses, which is not predictable and also worthless running a test in that angle.

Disclaimer: This is just my thought and need not to be taken serious in some other angle :)


Pradeep Soundararajan said...

Thanks for the comment Jaans ...

My objective is to use Viruses that kill the applications for 'crash test' of an application or product which could be helpful to find out more bugs , if any.

Anonymous said...

I think you are speaking about systems which are being updated regualrly what about systems which are not being updated.
Wont it be a better way to have anti virus within our product(securing our products from already existing viruses) than expecting a third party software to do the same and assuming the users of our product to have anti virus updates

Balaji Kothandaraman said...

Exploiting Viruses for Testing Online Web Applications - ( am I the first to think this ?)

..Certainly NOT is my answer.