Anti-Malware Testing Standards Are Coming
SCMagazineUS.com is reporting that an International group of twenty one security companies have formed an organization to create standards for evaluating anti-malware products.
The first-of-its-kind standards are being planned in response to fast-changing malware that cannot necessarily be stopped with traditional signatures, Mark Kennedy, a Symantec distinguished engineer and member of the new organization, The Anti-Malware Testing Standards Organization (AMTSO), told SCMagazineUS.com today.
As a result, many anti-malware products with proactive capabilities have emerged, but almost all of the world's approximately 80 testing firms cannot evaluate them based on their new functionality, such as behavior- or heuristics-based functionality, Kennedy said.
However, the lack of standards isn't the only reason they can't test many of them. The biggest issue is that many anti-malware products are just as bad as most malware itself if not actually malware. There is simply too much "voodoo" and marketing going on and not enough anti-malware products that are actually sophisticated enough and written properly so they can truly perform. At least the goals of the group sound laudable.
The charter includes goals such as offering a forum for discussion, promoting education and awareness of anti-malware testing issues, providing tools and resources to help standards-based testing methodologies and creating standards.
I'm looking forward to hearing more about the standards and eventual testing.
[International group pushing for anti-malware testing standard]
