Monday, 20 January 2014

Four Fs of Anti-Malware Testing

A practical approach to testing endpoint security products

Late last year I wrote a paper and gave a presentation about testing anti-malware software at The First Workshop on Anti-malware Testing Research (WATeR 2013) in Montreal, Canada.

The paper is published on the IEEE Xplore website. You can download it from there if you are a member or wish to pay. Alternatively, you can download a pre-published version from here for free.

I'm sure that it will make fascinating reading. However, maybe my presentational skills need polishing as at least one person fell asleep as I spoke. He assured me later that his fatigue was due to the previous night's alcohol intake and not the material in the presentation...

Abstract— This paper presents a practical approach to testing anti-malware products, focusing on the following four areas:

1. Defining the scope of the test
2. Interpreting the test results
3. Methods of data collection
4. Managing the financial costs of a test

I will also note a number of common mistakes that testers make and explore some of the technical and non-technical challenges that testers face, including attacks on test methodologies by the anti-malware industry and other third parties.

While the principles discussed apply to many types of anti-malware testing, on different platforms, this paper addresses specific issues relating to testing anti-malware products that run on x86/64 platforms and exposing them to ‘live’ malware threats that actively attack systems on the internet at the same time.