Malware Testing Evolving
The Anti-Malware Testing Standards Organization (AMTSO) announced has been established by a group of leading anti-malware vendors to address an:
industry-wide concern about the increasing mismatch between what anti-malware technologies actually do, and the testing methodologies used to evaluate them.
The group has established laudable goals like promoting discussion between AV researchers, promote education and awareness, and establish standard tests and tools. They should take care with the kinds of tests that are established, especially when trying to establish cooperation between competitors.
Probably the biggest risk is that vendors may be tempted to create tests that measure techniques that their tools perform well on. We don't need more tests that just measure the breadth of signature libraries. We do need test that measure what attackers are doing, which may not be what anti-malware vendors are doing. Drive-by downloads, blogs set up to push malware and other contemporary techniques should be tested. This is the stated goal of the group but internal pressures to sell software and hardware are not going away.
Another problem is that attackers are going to try to avoid detection so they are always looking for ways around anti-malware. The test standards above all have to be flexible enough to adopt and evolve along with the malware they are created to block.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
