Antimalware group sets product testing guidelines
- 12 November, 2008 08:39
The Anti-Malware Testing Standards Organization announced on Monday that its membership has agreed on guidelines and principles for testing anti-malware products.
AMTSO includes more than a dozen antimalware vendors as well as the independent antivirus tester AV-test.org. AMTSO's collaborative effort to establish commonly agreed methods for antimalware testing is summed up in the two documents issued Monday, "Fundamental Principles of Testing" and "Best Practices for Dynamic Testing."
One AMTSO member, McAfee, said approval of the standards and guidelines is a "significant step for the security industry as a whole" because the collaborative effort should lead to more accurate tests of antimalware products, which McAfee indicated "are sometimes incomplete, inaccurate or misleading."
Several other AMTSO members, including Symantec, ESET, F-Secure, Bit9, Kaspersky Lab, IBM, Trend Micro, Sophos, Panda Security and Webroot, issued statements also reflecting optimism that the unity of purpose will lead to better testing of products that may influence consumer choice.
The first AMTSO document published Monday "encompasses fundamental principles of testing" and concerns common-sense concepts of reasonableness, says Dave Marcus, director of security research and communications at McAfee, a founding member of AMTSO, which he says is about a year old.
The second AMTSO document focuses on best practices for evaluating host-based antimalware products using traditional antivirus signatures in products used on desktops and servers, he said.
The underlying issue for the industry, as it pertains to product testing, is that there is often debate about what a malware sample selection actually is, Marcus says.
"What is the sample actually, is it malware, such as a malicious Trojan, or is it adware or spyware?" Marcus notes. "This is important because it gives the public and consumers what is detecting what and how accurately something is detected."
Marcus says AMTSO is expected to take up issues around network-based antimalware detection in the future as well as the question of alternative non-signature-based malware-detection methods, including behavior-based detection.