I may have mentioned the Anti-Malware Testing Standards Organization here before.
ESET is an enthusiastic supporter of this initiative, and several members of the research and lab teams attended the meeting at the beginning of this week in Cupertino.
Lots of interesting and stimulating discussion took place. The Review of Reviews Board (or Review Analysis Board), of which I’m a member, took major steps forward (we’re now close to publishing a review process document), as did the Advisory Board, which provides informed but impartial input from outside the vendor community.
Major progress was also made on a number of papers I’d say are pretty important: these include not only a glossary, but also papers that discuss such topics as gathering samples, sample validation, in-the-cloud testing, issues with malware creation or modification for testing purposes, and whole product evaluation. I expect to see quite a few of these finished and approved by or before the next AMTSO meeting.
Sad person that I am, this initiative still seems to me to be one of the best things to have happened in the anti-malware industry in years. What do I mean by best? Standardization on (what we consider to be) good practice is good for the industry, of course, and continuing cooperation between the anti-malware and testing industries benefits both parties. But if we do this properly, it will be even more beneficial for end-users and prospective and actual customers. Not because what’s good for the industry is good for its customers, but because what we’re aiming for is to make it easier for them to distinguish between good and bad testing.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET