The Issue of Behavioral Detection
Then there is the issue of behavioral detection, which has long been a missing piece of anti-virus tests due to costs and complexity. With vendors adding functionality such as generic buffer overflow prevention and whitelisting, standards for incorporating that technology into tests need to be developed as well. A tall task to be sure, but one the AMTSO needs to work methodically toward. "That's one of the problems - they're not looking at the newer functionalities like behavioral or generic buffer overflow prevention or access protection rules," Marcus said. "I'm looking forward to seeing those types of best standards ... guidelines as to how to test those newer types of technologies because I think people don't get a real accurate representation of how good or bad a technology is because they're tested solely against regular signatures."