The paper by Julio Canto and myself on the use and misuse of multi-scanner malware-checking resources like VirusTotal is now available.
In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal, especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.
I presented it at a forensics conference in the UK a while ago, but since quite a few people have expressed an interest in it, it's now on the ESET white papers page: Man, Myth, Malware and Multi-Scanning.
As it turns out, the argument as to whether or not anti-virus is worth anything continues to rage. Well, perhaps it's better described as mild peevishness rather than rage.
- In the latest issue of SC Magazine, there's a debate between Jeremiah Grossman and myself as to whether Anti-virus is essential. I guess you could call it a draw, since my view is that it isn't always essential and his seems to be that it is essential but not worth paying for. ;-) (And if you read it in the print edition of the magazine, no, I haven't changed my name to Hartley: it's a typo.)
- Paul Ducklin also weighed in today, discussing the proposition that Anti-virus is no good.
- Simon Edwards explained Why even experts need antivirus just a few days ago.
I have a feeling I'm going to have to come back to this, but not tonight: it's the VirusTotal/multi-scanner paper I want you to read right now. :)
* Photograph by permission of Small Blue-Green World
David Harley CITP FBCS CISSP
ESET Senior Research Fellow