Comments on: Anti-Virus Testing 2.0 http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20 Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: tin http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20/comment-page-1#comment-86816 tin Thu, 13 Jan 2011 10:04:49 +0000 http://blogs.mcafee.com/2008/01/23/anti-virus-testing-20/#comment-86816 There are various professional companies and organizations who are only into the lab testing of antivirus programs and they work primarily for IT companies by testing the programs provided to them. So before an organization decides to implement particular antivirus software widely in the organization, they contact the lab and ask them to perform a test on the program. The lab will perform professional test cases with malware and adware programs on the antivirus and give the result to the organization. There are various professional companies and organizations who are only into the lab testing of antivirus programs and they work primarily for IT companies by testing the programs provided to them. So before an organization decides to implement particular antivirus software widely in the organization, they contact the lab and ask them to perform a test on the program. The lab will perform professional test cases with malware and adware programs on the antivirus and give the result to the organization.

]]> By: mrbishi http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20/comment-page-1#comment-14420 mrbishi Fri, 25 Jan 2008 12:36:10 +0000 http://blogs.mcafee.com/2008/01/23/anti-virus-testing-20/#comment-14420 Virus naming is always going to be a problem, unfortunately in this day and age it is impossible for AV vendors to create the same names, what is needed is a library of all the names that the vendors have put to code so that people can refer to it in order to find out what each vendor calls a specific piece of malware. While this is done in several places at present it is not as good as it should be as generally they are not updated frequently enough. With reference to the actual article and the previous comments, todays independant testers do not do a good job at present, and it is important that someone comes up with better testing methodologies. Most tests today are of static collections and are essentially just a test of a particular vendors signatures at a particular point in time. This is no good, no really it is actually quite misleading. What needs to be created is a way of testing whether AV software can actually stop a particular (or preferably all) malware from actually infecting / compromising the system in the first place. This is afterall what AV should be doing. Whether it identifies it by this name or not is fairly irrelevant as long as the infection does not actually occur. We all know that signatures are important in identification and cleaning, but it is not necessarily the best form of protection from malware. What needs to be highlighted in tests is whether or not machines were actually protected from the word go whether it be by IPS / firewall type technologies within the the product through to generic and heuristic type detection methods. It shoudl also be noted that if you are going to test the importance of signatures, it should be on actually infected machines, not machines with just infected files on them. In this way then the true capabilities of the AV products can be put to test by acknowledging which products are actually capable of removing the infection from the machine and what is required to do so. Not all vendors are the same, several require that you actually download and install extra executables onto machines in order to clean them.....customers need to be made aware of this before they actually spend a load of money only to discover that they are unable to clean their machines easily. I strongly applaud the industry in trying to rectify the testing methodoligies to give a better picture of product capability to all, i just fear that it is going to be an incredibly hard thing to do. One other point i would like to make - whoever suggested the name that abbreviates to iTOSS was obviously not taking the whole thing too seriously. ;-) Virus naming is always going to be a problem, unfortunately in this day and age it is impossible for AV vendors to create the same names, what is needed is a library of all the names that the vendors have put to code so that people can refer to it in order to find out what each vendor calls a specific piece of malware. While this is done in several places at present it is not as good as it should be as generally they are not updated frequently enough.

With reference to the actual article and the previous comments, todays independant testers do not do a good job at present, and it is important that someone comes up with better testing methodologies. Most tests today are of static collections and are essentially just a test of a particular vendors signatures at a particular point in time. This is no good, no really it is actually quite misleading. What needs to be created is a way of testing whether AV software can actually stop a particular (or preferably all) malware from actually infecting / compromising the system in the first place. This is afterall what AV should be doing. Whether it identifies it by this name or not is fairly irrelevant as long as the infection does not actually occur. We all know that signatures are important in identification and cleaning, but it is not necessarily the best form of protection from malware. What needs to be highlighted in tests is whether or not machines were actually protected from the word go whether it be by IPS / firewall type technologies within the the product through to generic and heuristic type detection methods.

It shoudl also be noted that if you are going to test the importance of signatures, it should be on actually infected machines, not machines with just infected files on them. In this way then the true capabilities of the AV products can be put to test by acknowledging which products are actually capable of removing the infection from the machine and what is required to do so. Not all vendors are the same, several require that you actually download and install extra executables onto machines in order to clean them…..customers need to be made aware of this before they actually spend a load of money only to discover that they are unable to clean their machines easily.

I strongly applaud the industry in trying to rectify the testing methodoligies to give a better picture of product capability to all, i just fear that it is going to be an incredibly hard thing to do.

One other point i would like to make – whoever suggested the name that abbreviates to iTOSS was obviously not taking the whole thing too seriously. ;-)

]]> By: LOL http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20/comment-page-1#comment-14419 LOL Thu, 24 Jan 2008 18:59:31 +0000 http://blogs.mcafee.com/2008/01/23/anti-virus-testing-20/#comment-14419 AV industry designing the tests, that's priceless. "The plan of action is to meet several times a year" Preferably in luxorious, warm locales such as Spain. AV industry designing the tests, that’s priceless.

“The plan of action is to meet several times a year”

Preferably in luxorious, warm locales such as Spain.

]]> By: saso http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20/comment-page-1#comment-14418 saso Thu, 24 Jan 2008 07:05:35 +0000 http://blogs.mcafee.com/2008/01/23/anti-virus-testing-20/#comment-14418 i wish av industry would give as much resources and time on a more centralized database and sharing of samples (between the av vendors of course). for me this current "fight" of av industry about av testing seems to be quite useless (don kihots like), since there are few av testing bodies that are already doing quite a good job. and please don't tell me that you (the av vendors) are already sharing the samples, for more then 10 years i am quite close to this industry and i know that this is by far not done as good as it could/should be. and about the comment above, from chris... i believe this comment was on the right place about 5 years ago, today however when we have several thousands of new samples per day the names of this samples IMHO have no value and people should realize this and just get over it. i wish av industry would give as much resources and time on a more centralized database and sharing of samples (between the av vendors of course). for me this current “fight” of av industry about av testing seems to be quite useless (don kihots like), since there are few av testing bodies that are already doing quite a good job. and please don’t tell me that you (the av vendors) are already sharing the samples, for more then 10 years i am quite close to this industry and i know that this is by far not done as good as it could/should be.

and about the comment above, from chris… i believe this comment was on the right place about 5 years ago, today however when we have several thousands of new samples per day the names of this samples IMHO have no value and people should realize this and just get over it.

]]> By: Chris Mosby http://blogs.mcafee.com/mcafee-labs/anti-virus-testing-20/comment-page-1#comment-14417 Chris Mosby Wed, 23 Jan 2008 21:32:25 +0000 http://blogs.mcafee.com/2008/01/23/anti-virus-testing-20/#comment-14417 What about virus naming standards??? What about virus naming standards???

]]>