Even as AMTSO attempts to bring some qualified and competent guidance to testing methodologies, and individuals with an agenda or paranoia invent stories about why it is not good, we see more completely incompetent testing. I refer this time to the test that Steve Ragan wrote about at http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report. The test performed by Cyveillance, who
All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, “FP rage” is certainly understandable.
As I mentioned here yesterday, I launched a new AMTSO in the Media page on the AMTSO blog page yesterday. Since then, Pedro Bustamente has kindly sent me a whole bunch of links relating to events leading up to the launch of AMTSO in 2008, so I’ve created a separate sub-page incorporating those links out
Who would have thought that an initiative aimed at increasing the accuracy and relevance of anti-malware testing would be quite so controversial? Well, it was to be expected that AMTSO (the Anti-Malware Testing Standards Organization) would generate a certain amount of controversy: clearly, the organization is not going to get everything right first time. And
No-one believes that AMTSO has all the answers and can “fix” testing all by itself, but it has compiled and generated resources that have made good testing practice far more practicable and understandable. The way for testers (and others) to improve those resources is by talking to and working with AMTSO in a spirit of co-operation: the need for transparency is not going to go away.
…Somewhere in this welter of misinformation, well-meant but muddled thinking, and black propaganda, there are some issues that need clarifying… Watch this space for further information. And while you’re waiting, you might want to check the documentation and other resources at the AMTSO web site to see what the organization really proposes and what it is really trying to achieve…
Further to my "top ten of top tens" post, I was encouraged by some queries to revisit the “Top Ten Mistakes Made When Evaluating Anti-Malware Software” list quoted by Kevin Townsend here. As it was an AMTSO issue and most of the queries have related to an AMTSO blog post, I've returned to it (and
Well, not exactly, though actually a top ten of top tens isn't a bad idea: apparently, top tens usually attract plenty of readers. As do top fives. twenties etc, though probably not top thirteens. Security Memes a Lot to Me Still, there is a touch of recursion to this post. I got a notification from
Of course, most vendors use in-house testing as a tool for monitoring and improving the capabilities of their own products. However, it’s also being used increasingly as a vehicle for showcasing a company’s own AV products in the best possible light.
[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.] Danny Quist posted an interesting article at
As you can see from this photo from the Infosecurity Europe show, my sessions down at the gym are really starting to pay off. :) As I mentioned previously, the update process on the monthly ThreatSense Report continues, and the April report is now available here. While the usual look at the top ten security
Some of us are currently busily preparing for the AMTSO workshop in Helsinki on the 24th and 25th May 2010, just before the CARO workshop on 26th and 27th May (for which registration closes on 12th May). Before the Helsinki events, though, the EICAR conference in Paris includes some interesting testing-related material before and during the main conference.
If you regularly follow my blogs, you'll know that while this my primary blogspot, it isn't the only site to which I post (see signature for full details). Here are a few recent blogs and microblogs that may be of possible interest. @Mophiee asked me about the ICPP Trojan on Twitter (where I'm @ESETblog or
Just a quick note to draw your attention to a couple of new documents that have just become available. "AMTSOlutely fabulous" (sorry – it seemed like a good idea when I wrote it…) is a review of what the Anti-Malware Testing Standards Organization has achieved so far and what it might achieve in the future. It's
We're not really set up to use the ThreatBlog as a full strength Questions and Answers resource, but we got so many questions after my blog yesterday about April 1st hoaxes that I feel obliged to try to answer some of them. There is no truth in the rumour that the eCity of San Diego
AMTSO (the Anti-Malware Testing Standards Organization) has published its review analysis of the Endpoint Security Test that was published by NSS Labs on September 8, 2009. The Review Analysis published on March 17, 2010 compared AMTSO’s Fundamental Principles of Testing to the NSS Labs report and found that it doesn’t comply with two of the nine AMTSO
There was an AMTSO (Anti-Malware Testing Standards Organization) panel session here at RSA, where Larry Bridwell, Righard Zwienenberg, Andreas Marx, Roel Schouwenberg and Neil Rubenking talked about AMTSO and what it does (and what it hopes to do). And I added to my list of qualifications for being involved with the organization: current vendor representative,
Greetings, friends and fiends. I've been uncharacteristically quiet for the past couple of weeks, due to the AMTSO workshop last week in Santa Clara. There was, as usual, some lively discussion: though no papers were approved at the meeting, some are close enough to finished to be voted on shortly. (See also the AMTSO blog