Anti-virus tests must improve, agree vendors

Industry cooking up new approach.

By Jeremy Kirk, IDG News Service
Published: 14:09 GMT, 28 October 08

Software vendors are meeting later this week to discuss how to improve anti-virus product tests, now often regarded as flawed or incomplete.

The aim of the Anti-Malware Testing Standards Organisation (AMTSO) is to create a more consistent framework and guidelines for how security software is evaluated by testing organisations and technology magazines. AMTSO is meeting Thursday and Friday in Oxford, England.

AMTSO, formed in February, is composed of private companies, government representatives and others with interests in security software. Representatives of security companies and the testing organisation AV-Test.org discussed issues facing the industry and the upcoming meeting at the RSA conference in London on Tuesday.

AMTSO represents an interesting union since many of its companies compete with one another. But security companies are increasingly realising that all of them lose when an incomplete or questionable test comparing their products is published by a testing organisation.

Further, the raft of security software tests and differing frameworks under which they're conducted makes it confusing for people trying to identify the best product, the panellists said.

"We're hoping that the prime beneficiary of this would be the consumer of the test information," said Larry Bridwell, global security strategist for Grisoft/AVG Technologies. "That might mean a consumer at home or it might be an IT professional who is procuring 10,000 seats for a major corporation or it could be an analyst."

Representatives are working on refining two draft documents. One defines general principles for anti-malware testing. The other covers dynamic testing, which deals with how security software is able to block a threat the way it would be encountered during normal computer use, said Andrew Lee, chief technical officer of K7 Computing and an AMTSO board member.

By the end of the year, AMTSO hopes to produce two more draft documents that clarify issues such as what constitutes a malicious software sample and guidelines for static testing, where software is pitted against a group of malicious samples to see which ones are detected, Lee said.

What are your views on this subject? Use the form below to post a comment on this article up to 500 characters.

Characters remaining: 500

Related Security news

Gumblar malware attack surges again

Malware hijacks Google searches to infect PCs

06 November 2009

McAfee unveils Email and Web Security Appliance 5.5

Appliance integrates McAfee's cloud-based global threat intelligence

Google Apps adds Postini security software

Postini policy enforcement layer moves beyond Gmail

Microsoft left Windows 7 open to hackers, says Sophos

'Neutered' UAC misses 7 of 8 trojans

Related Security reviews

Lumension application control review

Bit9 Parity Suite

Microsoft Security Essentials antivirus review

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Database security: Preventing enterprise data leaks at the source

IDC discusses the growing internal threats to business information, the impact of government regulations on the protection of data, and how enterprises must adopt database security best practices...

Download Whitepaper

Service-oriented security

SOA has become an integral part of enterprise software by providing a framework to efficiently develop software as services that is easily sharable, reusable, and integrated. No where is the need more apparent than in the Identity Management space. Welcome to the age of Service-Oriented Security (SOS).

Download Whitepaper

Data protection prospective vendor checklist

Organisations need a way to map business needs against all these challenges in procuring a technical solution. To help, SANS has developed the following Prospective Vendor Checklist.

Download Whitepaper

Best practices for optimising performance and availability in virtual infrastructures

Many IT administrators have already learned the hard way that managing the performance and availability of services built on virtualisation technologies can be difficult, if not impossible at times. All too often, early adopters of virtualisation have struggled with limited technology features and stability constraints, while learning new ways to effectively manage capacity requirements.

Download Whitepaper

Techworld UK - Technology - Business

COLT White Paper

Are all VoIP services the same?

Questions to ask your service provider to ensure you get the VoIP service you need
With careful choice of partner, your business can have all the advantages of VoIP access - reduced costs, flexibility and simplicity - without the drawbacks.
This white paper is your guide to ensure you get right the VoIP service and details the pitfalls which businesses would do well to avoid.

Download white paper
BMC

Unlock the hidden IT opportunities in troubled economic times

How to take advantage of the growth potential that will occur when the economy rebounds
With the right approach, processes, and technology, it’s possible for IT to provide higher-quality services for a lower cost, while also empowering the business to position itself to take advantage of the growth potential that will occur when the economy rebounds.

Download white paper

Webcast: IT Financial Management: Cost Optimisation for Efficiency and Agility.
On Demand Webcast
Join this webcast to learn about the techniques and technologies that can help you prove the value of IT to the business by understanding the true cost of today's IT services and those that will be necessary to deliver future success.

Register Today

Site Map

IDG Network

* *