Even as AMTSO attempts to bring some qualified and competent guidance to testing methodologies, and individuals with an agenda or paranoia invent stories about why it is not good, we see more completely incompetent testing. I refer this time to the test that Steve Ragan wrote about at http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report. The test performed by Cyveillance, who
No-one believes that AMTSO has all the answers and can “fix” testing all by itself, but it has compiled and generated resources that have made good testing practice far more practicable and understandable. The way for testers (and others) to improve those resources is by talking to and working with AMTSO in a spirit of co-operation: the need for transparency is not going to go away.
Larry Seltzer posted an interesting item yesterday. The article on "SW Tests Show Problems With AV Detections " is based on an "Analyst's Diary" entry called "On the way to better testing." Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them.
We have just come across a Buyer’s Guide published in the March 2010 issue of PC Pro Magazine, authored by Darien Graham-Smith, PC Pro’s Technical Editor. The author aims to give advice on which anti-malware product is the best for consumer users, and we acknowledge that the article includes some good thoughts and advice, but
I recently made a presentation to the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly better known as the British Computer Society). The PDF version of the slide deck is now up at: http://www.eset.com/download/whitepapers/Curious_Act_Of_Anti_Malware_Testing.pdf The presentation outlines some of the problems with anti-malware testing and summarizes the mission and principles of
Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at http://www.avien.net (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at http://www.avien.net/blog, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former
One of the more interesting things to happen to me in the past few months – well, that I’m going to talk about in public – is that I was elected to the Board of Directors of AMTSO (The Anti-Malware Testing Standards Organization). Interesting and scary: the first couple of months have seen me at
Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare. The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If
Yes, I’ve used that pun before, but I can’t resist using it again now that I’m back from the EICAR conference. I actually got back a couple of days ago, but I was sidetracked by some urgent administrivia and dental treatment. I’m having bacon and eggs for breakfast, my first pet’s name was Stuart Little
I may have mentioned the Anti-Malware Testing Standards Organization here before. ESET is an enthusiastic supporter of this initiative, and several members of the research and lab teams attended the meeting at the beginning of this week in Cupertino. Lots of interesting and stimulating discussion took place. The Review of Reviews Board (or Review
I got asked "what is the big trend in security software at the moment". It seems to me there are several significant threads to the answer, in terms of anti-malware. Dynamic and/or behaviour analysis. Dynamic analysis as implemented in mainstream antimalware is basically an automated version of dynamic analysis is used in computer forensics. In
MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points. * Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting,
I’m in Washington right now, at the CSI conference. It won’t surprise regular readers to know I’m here to talk about testing anti-malware products (again!) So it may not surprise you to know also that I’m particularly interested to see an article [link no longer available – DH 2017] by Larry Seltzer that looks at the documents
AMTSO, the Anti-Malware Testing Standards Organization, have just issue a press release [broken link removed 2017] about the guidelines documents just published on their web site after ratification by everyone present at the AMTSO meeting in Oxford at the end of October. You may have noticed that we’re quite optimistic about the beneficial future impact of