Vendors, analysts to work on antivirus testing standards
Software vendors are meeting later this week to discuss how to improve antivirus product tests, now often regarded as flawed or incomplete.
The aim of the Anti-Malware Testing Standards Organization (AMTSO) is to create a more consistent framework and guidelines for how security software is evaluated by testing organizations and technology magazines. AMTSO is meeting Thursday and Friday in Oxford, England.
AMTSO, formed in February, is composed of private companies, government representatives and others with interests in security software. Representatives of security companies and the testing organization AV-Test.org discussed issues facing the industry and the upcoming meeting at the RSA conference in London on Tuesday.
AMTSO represents an interesting union since many of its companies compete with one another. But security companies are increasingly realizing that all of them lose when an incomplete or questionable test comparing their products is published by a testing organization.
Further, the raft of security software tests and differing frameworks under which they're conducted makes it confusing for people trying to identify the best product, the panelists said.
"We're hoping that the prime beneficiary of this would be the consumer of the test information," said Larry Bridwell, global security strategist for Grisoft/AVG Technologies. "That might mean a consumer at home or it might be an IT professional who is procuring 10,000 seats for a major corporation or it could be an analyst."
Representatives are working on refining two draft documents. One defines general principles for anti-malware testing. The other covers dynamic testing, which deals with how security software is able to block a threat the way it would be encountered during normal computer use, said Andrew Lee, chief technical officer of K7 Computing and an AMTSO board member.
By the end of the year, AMTSO hopes to produce two more draft documents that clarify issues such as what constitutes a malicious software sample and guidelines for static testing, where software is pitted against a group of malicious samples to see which ones are detected, Lee said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
antivirus
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
