Standards Come to Anti-malware Testing (Page 1 of 3)
Security industry organization AMTSO develops high-quality guidelines to help vendors, analysts and publications test anti-malware products in a fair and thorough way.

Computer product testing, sadly, has been as much art as science over the
years. It's not just that the products are so complicated as to defy simple,
straightforward analysis, but also that there is no general agreement on how
products should be tested. Now that may be changing with respect to the testing
of anti-malware products.
New guidelines issued by AMTSO (Anti-Malware
Testing Standards Organization) set an excellent standard for high-quality
testing that you can believe in. I was in the professional testing business for
many years, at least 13 or 14, and was technical director at four different
labs. I don't do much actual testing of products anymore, but I still follow
testing issues carefully. I'm really impressed with what I'm reading in these
standards.
Two "Principles" documents were released by AMTSO. The first, "AMTSO
Fundamental Principles of Testing," is a set of rules and advice, mostly
for testers. The nine principles:
- Testing must not endanger the public.
- Testing must be unbiased.
- Testing should be reasonably open and transparent.
- The effectiveness and performance of anti-malware products must be measured in a balanced way.
- Testers must take reasonable care to validate whether test samples or test cases have been accurately classified as malicious, innocent or invalid.
- Testing methodology must be consistent with the testing purpose.
- The conclusions of a test must be based on the test results.
- Test results should be statistically valid.
- Vendors, testers and publishers must have an active contact point for testing-related correspondence.
Some of these are more obvious than others, but the
elaboration of the principles that follows makes clear they aren't just lip
service. With respect to No. 1, I've been involved with malware tests,
especially tests of the ability to detect unknown malware, where we have discussed
creating new malware purely for the test. The guidelines specifically forbid
this, although they do allow the modification of existing malware
characteristics. This principle also covers taking precautions to prevent
malware from escaping the lab.