As usual, ESET has released its monthly Global Threat Trends Report, which will be available in due course at There are no surprises in the top five malicious programs, which have the same rankings as in the September report. Clearly, not enough people are taking our accumulated advice on reducing the risk from Conficker,

So What Is AMTSO Compliance?

The AMTSO (Anti-Malware Testing Standards Organization) meeting in Prague, which took place at the beginning of this week, proved to be rather more exciting than you might expect from a group with the word "Standards" in its name. One of the issues that caused particularly lively debate centred around the question of what constitutes AMTSO

AVIEN and Testing

Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former

Making Malware

McAfee Avert Labs has been advertising a "Malware Experience" session for the "Focus 09" security conference, which offers attendees the chance "to work with a Trojan horse, commandeer a botnet, install a rootkit and experience first hand how easy it is to modify websites to serve up malware." Actually, this text has been modified: it

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

AMTSO – the Next Generation

I’ve just returned from Canterbury in the UK. One of the reasons I was there was to present a paper on malware naming at CFET 2009 (3rd International Conference on Cybercrime Forensics Education & Training). It was an excellent conference, and I’ll have more to say about that later (and the paper will be available shortly

(User) Education, Education, Education

Regular readers will be aware that, unlike many people in the security industry, people in this research team tend to be enthusiastic supporters of security education for end users, both inside and outside business: not as The Answer To Everything, not in terms of turning everyone who uses the Internet into a security expert, but

ThreatSense.Net® Report for July

Our July ThreatSense.Net® report has been released today, and will eventually be available from the Threat Center page here. Most of the top ten entries are old friends: well, familiar names might be a better way of putting it. One of the disadvantages of having a scanner that makes heavy use of advanced heuristics is


In previous blogs, I mentioned that some of the presentations from the CARO workshop a couple of weeks ago were likely to be made available publicly. Unfortunately for non-attendees, most of the presentations are only available to people who were there: however, some can be downloaded by the public from here. In case I didn’t

Comparative Testing and Swimming the Channel

Greetings, friends, fans and foes. I know it’s been a while, but I’ve been travelling, with intermittent connectivity: first the Infosecurity expo in London, then the CARO and AMTSO workshops in Budapest, then the EICAR conference in Berlin. This week I’ve been at the Channel Expo in Birmingham (the one in the UK, that is)

AMTSO marches on

So the CARO workshop came and went (and very good it was too): unfortunately, because of the nature of the event, I can’t tell you too much about it. However, at least some of the presentations are expected to be made available soon, and we’ll pass on that information when we have it. After a

Onward AMTSO

I may have mentioned the Anti-Malware Testing Standards Organization here before. ESET is an enthusiastic supporter of this initiative, and several members of the research and lab teams attended the meeting at the beginning of this week in Cupertino. Lots of interesting and stimulating discussion took place. The Review of Reviews Board (or Review

Trends in Security Software

I got asked "what is the big trend in security software at the moment". It seems to me there are several significant threads to the answer, in terms of anti-malware. Dynamic and/or behaviour analysis. Dynamic analysis as implemented in mainstream antimalware is basically an automated version of dynamic analysis as used in computer forensics. In

Global Threat Report 2008, other papers, and AMTSO

You may have noticed that I’ve been making a lot of references to this over the past few weeks. You can now download it here. Quite a few people have worked pretty hard to make this project happen, and I’d like to thank them now. I hope some of you will find it interesting and

AV-Comparatives Retrospective Test (and a Word about False Positives)

Retrospective or “frozen” testing involves testing the ability of one or more products to detect threats proactively, using techniques such as advanced heuristics rather than signature detection.

Anti-Malware Testing Resources

…after many years of campaigning for better testing and better information about testing, it feels very positive that people are prepared to sit through a 60 minute presentation and then go on asking questions for another half hour…

AMTSO, Testing and the Media

I’m in Washington right now, at the CSI conference. It won’t surprise regular readers to know I’m here to talk about testing anti-malware products (again!) So it may not surprise you to know also that I’m particularly interested to see an article [link no longer available – DH 2017] by Larry Seltzer that looks at the documents

AMTSO press release: approved Testing Guidelines

AMTSO, the Anti-Malware Testing Standards Organization, have just issued a press release [broken link removed 2017] about the guidelines documents just published on their web site after ratification by everyone present at the AMTSO meeting in Oxford at the end of October. You may have noticed that we’re quite optimistic about the beneficial future impact of

AMTSO: Raising Testing Standards

I just got back from Oxford (that’s the one in the UK, by the way), where the Anti-Malware Testing Standards Organization held its latest two-day meeting.

VirusTotal is not a Comparative Analysis Tool!

VirusTotal is a tool many people find very useful as a shortcut to checking a possibly malicious file, but it isn’t a detection test

