In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal. Especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.
I presented it at a forensics conference in the UK a while ago, but since quite a few people have expressed an interest in it, it's now on the ESET white papers page: Man, Myth, Malware and Multi-Scanning.
As it turns out, the argument as to whether or not anti-virus is worth anything continues to rage. Well, perhaps it's better described as mild peevishness rather than rage.
I have a feeling I'm going to have to come back to this, but not tonight: it's the VirusTotal/multi-scanner paper I want you to read right now. :)
* Photograph by permission of Small Blue-Green World
David Harley CITP FBCS CISSP
ESET Senior Research Fellow