Vendors, analysts to work on antivirus testing standards
Software vendors are meeting later this week to discuss how to improve antivirus product tests, now often regarded as flawed or incomplete.
The aim of the Anti-Malware Testing Standards Organization (AMTSO) is to create a more consistent framework and guidelines for how security software is evaluated by testing organizations and technology magazines. AMTSO is meeting Thursday and Friday in Oxford, England.
AMTSO, formed in February, is composed of private companies, government representatives and others with interests in security software. Representatives of security companies and the testing organization AV-Test.org discussed issues facing the industry and the upcoming meeting at the RSA conference in London on Tuesday.
AMTSO represents an interesting union since many of its companies compete with one another. But security companies are increasingly realizing that all of them lose when an incomplete or questionable test comparing their products is published by a testing organization.
Further, the raft of security software tests and differing frameworks under which they're conducted makes it confusing for people trying to identify the best product, the panelists said.
"We're hoping that the prime beneficiary of this would be the consumer of the test information," said Larry Bridwell, global security strategist for Grisoft/AVG Technologies. "That might mean a consumer at home or it might be an IT professional who is procuring 10,000 seats for a major corporation or it could be an analyst."
Representatives are working on refining two draft documents. One defines general principles for anti-malware testing. The other covers dynamic testing, which deals with how security software is able to block a threat the way it would be encountered during normal computer use, said Andrew Lee, chief technical officer of K7 Computing and an AMTSO board member.
By the end of the year, AMTSO hopes to produce two more draft documents that clarify issues such as what constitutes a malicious software sample and guidelines for static testing, where software is pitted against a group of malicious samples to see which ones are detected, Lee said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
antivirus
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
