Anti-Malware Testing Working Group | eWEEK Labs
Reviews
SHARE
Facebook X Pinterest WhatsApp

Anti-Malware Testing Working Group

Written By
Cameron Sturdevant
Cameron Sturdevant
Dec 19, 2007
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Anti-Malware Testing Working Group is a group of vendors and test organizations that plan to release methodologies for testing security products. Brian Prince, one of my news colleagues, has more on the story here. The question Brian asks, “Why has testing lagged so far behind the threat landscape?” is a good one, but one that’s got an easy answer. It’s very expensive to do this type of testing.

In many ways it’s like testing spam … you have to have a fresh crop of malware every time you test, so it’s practically impossible to repeat the tests. BAD (Behavioral Anomaly Detection) software, which is supposed to be superior to signature-based anti-malware systems because it can catch zero-day attacks, usually requires some type of user interaction (such as signing up for mail lists, interacting with a system or clicking on a call-to-action to activate the malware). At a recent Symantec security reviewers’ workshop (Symantec is one of the vendors participating in the Anti-Malware Testing Working Group), there was a debate about whether a threat was a threat if it was just dormant on the system. Symantec officials were of the opinion that a dormant threat couldn’t be classified as malware because it wasn’t DOING anything bad.

There is some merit to this position. If a piece of spam installs a backdoor for the Eudora e-mail client, but Eudora isn’t installed on the system, is the backdoor malware or just useless bits taking up a little space on the hard drive? The super-conscientious could take the position that Eudora might SOMEDAY be installed on the system, provoking the malware into action, and so yes, even dormant, the malware should be detected and removed. The question then is, Should that be the job of a BAD?

I think it should be the job of an endpoint security tool in 2008. Anti-virus/anti-spam/BAD/IPS/firewalls should be combined into a product that doesn’t consume all the endpoint resources while protecting users from the numerous and increasingly well-crafted threats that surround them. As well as testing what these products can do, eWEEK Labs will continue to advocate for security products that protect users from the threats facing our audience in whatever form those threats appear.
Cameron Sturdevant
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information