A new conference paper discusses whether AMTSO has the credibility to achieve its aims of raising testing standards on its own.

Aryeh Goretsky interviewed, as his paper on Possibly Unwanted Applications is published.

The next AMTSO members meeting is getting pretty close… It's being held in San Mateo on the 10th and 11th February. More information, including the preliminary agenda, on the AMTSO meetings page. David Harley CITP FBCS CISSP ESET Senior Research Fellow

At the last AMTSO workshop in Munich, a guidelines document on False Positive (FP) testing was approved, and is now available on the AMTSO documents page.

…one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate…

By kind permission of Virus Bulletin, we’ve already put two of the papers written or co-authored by ESET researchers up on the White Papers page.

…quite a few other issues have come up that are less obviously related to AMTSO’s aims, and it’s probably inevitable that some of those concerns will find their way out in the course of the meeting. Watch this space.

Kevin Townsend asks whether AMTSO (the Anti-Malware Testing Standards Organization) is “a serious attempt to clean up anti-malware testing; or just a great big con?” I posted a lengthy response to that on the AMTSO blog here…

Of course, most vendors use in-house testing as a tool for monitoring and improving the capabilities of their own products. However, it’s also being used increasingly as a vehicle for showcasing a company’s own AV products in the best possible light.

[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.] Danny Quist posted an interesting article at