Hello again. I’m back from Washington (not to mention Vienna, Bratislava and York), but I haven’t escaped from detection testing issues. Not that I’m complaining: after many years of campaigning for better testing and better information about testing, it feels very positive that people are prepared to sit through a 60 minute presentation and then go on asking questions for another half hour. We may be a very long way from solutions to some of the problems that concern me, but recognizing that they exist and taking a is a vital step towards those solutions.
First of all, let me mention that the UK computing magazine Computer Weekly has just published one of a series of columns I’ve been doing for them. And yes, it’s about detection testing, AMTSO, the Universe and Everthing. To be precise, it’s a follow-up to a column on the same subject I wrote before the Anti-Malware Testing Standards Organization was founded, as it seemed a good time to consider what impact the organization has had so far on the testing problem (or, rather, the problem of bad testing) and the thorny issue of static testing versus dynamic testing.
Secondly, for our Spanish-speaking readers (¡Hola!), we’d like to draw your attention to the fact that the ESET team in Latin America have made available Spanish translations of the two essential documents on the "Fundamental Principles of Testing" and "Good Practice in Dynamic Testing" approved and published by AMTSO last month. The translated "Principles" document is available at www.eset-la.com/amtso/amtso_principios.pdf, The "Dynamic Testing" document is at www.eset-la.com/amtso/amtso_mejores_practicas.pdf.
I’m currently working on a list of available resources relating specifically to anti-malware testing: watch this space for more details.
David Harley CISSP FBCS CITP
Director of Malware Intelligence