tag
anti-malware testing

How to Screw Up and Skew a Test

Even as AMTSO attempts to bring some qualified and competent guidance to testing methodologies, and individuals with an agenda or paranoia invent stories about why it is not good, we see more completely incompetent testing. I refer this time to the test that Steve Ragan wrote about at http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report. The test performed by Cyveillance, who

Testing and Accountability

No-one believes that AMTSO has all the answers and can “fix” testing all by itself, but it has compiled and generated resources that have made good testing practice far more practicable and understandable. The way for testers (and others) to improve those resources is by talking to and working with AMTSO in a spirit of co-operation: the need for transparency is not going to go away.

AMTSOlutely Fabulous or Utter BS?

Kevin Townsend asks whether AMTSO (the Anti-Malware Testing Standards Organization) is “a serious attempt to clean up anti-malware testing; or just a great big con?” I posted a lengthy response to that on the AMTSO blog here…

Kaspersky, Virus Total, and Unacceptable Shortcuts

Larry Seltzer posted an interesting item yesterday.  The article on "SW Tests Show Problems With AV Detections " is  based on an "Analyst's Diary" entry called "On the way to better testing." Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them.

Generalist Anti-Malware Product Testing

We have just come across a Buyer’s Guide published in the March 2010 issue of PC Pro Magazine, authored by Darien Graham-Smith, PC Pro’s Technical Editor. The author aims to give advice on which anti-malware product is the best for consumer users, and we  acknowledge that the article includes some good thoughts and advice, but

The Curious Art of Anti-Malware Testing

I recently made a presentation to  the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly better known as the British Computer Society). The PDF version of the slide deck is now up at: http://www.eset.com/download/whitepapers/Curious_Act_Of_Anti_Malware_Testing.pdf The presentation outlines some of the problems with anti-malware testing and summarizes the mission and principles of

AVIEN and Testing

Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at http://www.avien.net (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at http://www.avien.net/blog, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former

AMTSO Anticipations

One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at

Microsoft Security Essentials?

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare. The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If

I Like EICAR

Yes, I’ve used that pun before, but I can’t resist using it again now that I’m back from the EICAR conference. I actually got back a couple of days ago, but I was sidetracked by some urgent administrivia and dental treatment. I’m having bacon and eggs for breakfast, my first pet’s name was Stuart Little

Onward AMTSO

I may have mentioned the Anti-Malware Testing Standards Organization here before.   ESET is an enthusiastic supporter of this initiative, and several members of the research and lab teams attended the meeting at the beginning of this week in Cupertino. Lots of interesting and stimulating discussion took place. The Review of Reviews Board (or Review

Trends in Security Software

I got asked "what is the big trend in security software at the moment". It seems to me there are several significant threads to the answer, in terms of anti-malware. Dynamic and/or behaviour analysis. Dynamic analysis as implemented in mainstream antimalware is basically an automated version of dynamic analysis is used in computer forensics. In

Enough to Break your Heartland: Fraud and Malware

MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points. * Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting,

AMTSO, Testing and the Media

I’m in Washington right now, at the CSI conference. It won’t surprise regular readers to know I’m here to talk about testing anti-malware products (again!) So it may not surprise you to know also that I’m particularly interested to see an article by Larry Seltzer that looks at the documents just approved by AMTSO (the Anti-Malware Testing

AMTSO press release: approved Testing Guidelines

AMTSO, the Anti-Malware Testing Standards Organization, have just issue a press release about the guidelines documents just published on their web site after ratification by everyone present at the AMTSO meeting in Oxford at the end of October. You may have noticed that we’re quite optimistic about the beneficial future impact of AMTSO on testing

AMTSO: Raising Testing Standards

I just came got back from Oxford (that’s the one in the UK, by the way), where the Anti-Malware Testing Standards Organization held its latest two-day meeting.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
06 Aug 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.