Kevin Townsend posted a rather interesting article on his blog asking whether AMTSO (the Anti-Malware Testing Standards Organization) is "a serious attempt to clean up anti-malware testing; or just a great big con?"
I posted a lengthy response on the AMTSO blog here: while it was a personal response rather than an official statement on behalf of AMTSO or the Board of Directors, I figured that more people would look for a response there rather than here.
If you're at all interested in anti-malware testing in general and AMTSO in particular, Kevin's blog is definitely worth reading, and I hope my response goes some way to addressing some of his concerns.
However, one point I didn't take up concerns the "Top Ten Mistakes Made When Evaluating Anti-Malware Software" that he attributes to ESET, but doesn't include the link.
The article he refers to is actually a press release that was sent out before my presentation on testing at Infosecurity Europe in 2009, and you can read the whole thing here, though the most interesting bit is the top ten mistakes that Kevin quotes in full. It's actually quite a useful list, and I think I should probably revisit it here soon. :)
David Harley CITP FBCS CISSP
ESET Research Fellow
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
http://twitter.com/esetresearch; http://twitter.com/ESETblog
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
http://amtso.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/
http://chainmailcheck.wordpress.com
http://smallbluegreenblog.wordpress.com/
