Just how good is your AV software?

Various security vendors and software testing organizations met in Seoul last week, forming the Anti-Malware Testing Working Group. The main task of this coalition is to determine the best way to conduct behavioral tests on security software.

Some of the big names were present, such as Panda, F-Secure, and Symantec, as well as testing organizations, such as AV-Test.org and Virus Bulletin.

According to PC World:

Behavioral tests are time-consuming but important since the style of test replicates how PCs encounter malicious software on the Internet, such as through Trojan horse programs in e-mail attachments or through browser exploits, Marx [He works for AV-Test] said.

Those tests are seen as superior to signature-based tests, in which the virus detection engine is run against a batch of thousands of malware samples. But signature tests do not cover other security technologies used to detect a threat, such as if a new program starts communicating with a remote server over the Internet.

The desire to establish a common standard appears to be genuine, according to Ars Technica. The report from the ground is that the various companies seem sincere about creating an effective standard for measuring the performance of their products, and that no pressure was put on product testers to lean in any specific direction in their testing.

If you recall, there was a huge furor some time back over the exact mix of viruses used to test any particular antivirus product (see the blog post "Not all AV tools are created equal: Uproar from AV vendors kicks off round two"). The reason is that results can be adversely affected and manipulated by throwing in an arcane virus that might not even exist anymore, except in labs.

So, having a generally accepted way of testing appears to make sense.

However, the question that I want to pose is whether antivirus software is the right way forward, or whether other techniques such as whitelisting should be favored instead. If you are not sure what whitelisting is, I wrote a piece on it just a couple of weeks back titled "Securing from the inside: Whitelisting."

What is your opinion pertaining to the state of AV software?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

6 comments
JCitizen

harebrained ideas the bloated big AV vendors dream up. How about a testing source we can trust also?

metalmonkey

After reading your paper on whitelisting and "The extraordinary failure of AV" I've done a bit of research and plan on trying Sanctuary from Lumension. Having complete control over what can and can't run in my domain without having to buy yearly subscriptions and still be caught by malware is definitely interesting and seems like the logical way to go. Of course, that's going to be a bit harder to implement for personal computing, but I still think it is the way of the future. 10-20 years from now, I think most people will use whitelisting on their PCs and will know how to set up a secure wireless router. (hopefully!)

lastchip

"10-20 years from now, I think most people will use whitelisting on their PCs and will know how to set up a secure wireless router." If you're talking about IT professionals, maybe; but if you're talking about home users, not a hope in hell!

Jaqui

I never have virus problems.

michaels.perry

Do you really think that consumers are going to use something like whitelisting to secure their home PC? As people don't know, generally, how to set a secure WiFi network (apart from geeks like us) then they will not RTFM to set up whitelisting either. And 'User Manuals' are far too often written by developers who want to tell us how it works, rather than telling us how to set it up properly and securely.

paulmah

What is your opinion pertaining to the state of AV software?