New documents from AMTSO

Once again AMTSO, a large group of security professionals, testers and journalists, came together to work on further documents intended to help improve the quality of anti-malware reviews. This time the meeting took place in Budapest, Hungary, and was hosted by Virusbuster, a Hungarian anti-malware company.


In the two-day meeting we finalized new documents, among them:

  • Suggested methods for the validation of samples.

A well-known problem of recent anti-malware tests is the use of damaged or non-working samples in test sets. This means that products are tested against files that are not able to run and are therefore no real threat to users. Because the number of malware samples increases from day to day, it becomes more difficult for testers to ensure that the samples they use for their tests really work and behave maliciously. The document explains different methods for validating samples and so hopefully helps to reduce the number of less meaningful tests in the future.

  • Best Practices for testing In-the-Cloud security products

Testing products that use “in-the-cloud” technologies presents new difficulties to testers, since those technologies make use of online databases. Because those databases can change within minutes or even seconds, repeatability and reproducibility, an important criterion for any test, can be hard or even impossible to achieve. The document tries to show the difficulties and offers advice on how to avoid errors in tests of those products.

Furthermore, the members agreed on a process by which AMTSO can review an existing test of anti-malware products, and started working on new documents.

Philipp Wolf
Viruslab