Dynamic testing of anti-malware: new challenges for security vendors

18 Mar 2009
Virus News

Kaspersky Lab announces an article covering the impact of dynamic testing of anti-malware solutions. The subject has received a lot of attention lately, particularly following the formation of the Anti-Malware Testing Standards Organization (AMTSO) and its stated principle that “testing must not endanger the public”.

The adoption of dynamic testing procedures brings new challenges for security vendors. In dynamic testing, malware samples are introduced into the test system with the intent to execute them. Ideally, the samples are introduced in the ‘right’ way, for instance via drive-by download. This gives deeper insight into the behaviour of the malware not only to security software vendors and developers but also to malware authors. To avoid a situation where increased education about malware spurs malware authors to focus more on outflanking protection capabilities than detection capabilities, Roel Schouwenberg, Senior Regional Researcher, Kaspersky Lab Americas, urges that the risk be minimised and that testers not reveal too much detail in their public test results.

“It will be up to the security industry as a whole – possibly in the form of AMTSO – to take responsibility in this serious matter and not to lose sight of what is really important: the protection of users”, says Schouwenberg. “Security vendors should bear in mind AMTSO’s first rule of the fundamental principles of testing document which states that testing must not endanger the public.”

In his article, Schouwenberg uses a number of examples and testing scenarios, such as static testing, response time testing and retrospective testing, to evaluate the risks associated with dynamic testing. He also offers various concrete suggestions on how testers can mitigate the risk. To read the full version of the article, please visit Viruslist.com.