Wednesday, February 11, 2009

About testing anti-malware products...

Kaspersky Lab is an enthusiastic supporter of this initiative, and several members of the research team attended the AMTSO meetings already. And AMTSO seems to get there... Recently there was a meeting in Cupertino. Major progress was made on a number of papers I’d say are pretty important: these include not only a glossary, but also papers that discuss such topics as gathering samples, sample validation, in-the-cloud testing, issues with malware creation or modification for testing purposes, and whole product evaluation, and I expect to see quite a few of these finished and approved before the next AMTSO meeting.
Standardization on good practice is good for the industry, of course, and continuing cooperation between the antimalware and testing industries benefits both parties. But if we do this properly, it will be even more beneficial for end-users and prospective and actual customers. Not because what’s good for the industry is good for its customers, but because what we’re aiming for is to make it easier for them to distinguish between good and bad testing.
So this is indeed a good thing protecting everybody from bad testing.
What did you say?
Oh yes I've seen a lot of bad tests in the last 2 decennia...