Rather old news, but maybe interesting to the COMODO development team

Thursday October 11 2007: The German organization AVTest.org is gathering suggestions for a new way of testing implementation in anti-virus software. The currently used methods no longer are sufficiently today. At the moment security investigators are testing the quality of the current virus scanners by observing them react on a new malware, which is then put in a blacklist of signatures. In practice these tests are the so called “signature detection” which are no longer from this time.

This approach says nothing about if an anti-virus software is capable to detect the new quick changing malware though. For this kind of detection the “signature detection method” is by no means enough these days to stop malware in time. That’s why an new test method should make use of an “behavioral detection” thus security expert Otto von Guericke from the University of Magdeburg (Germany). “For these tests to take place anti-virus software should be frozen for a couple of weeks, so they can not load new virus definitions. Next the test machines should be brought in contact whit new malware”.

The AVAR Conference will be held this year from November 28 to 30 in Seoul. Maik Morgenstern and Andreas Marx will be talking about the topic “Testing of Dynamic Detection” (like HIPS, Host Intrusion Prevention System, and “Behaviour Based” solutions).

Now, where did i hear this before? wasn’t it on this very COMODO’s Forum?

There are still some uncertainties about the new test method. For instance, must the test be done in a sandbox kind of environment, so the test computers will be don no harm in real live? And how will rating there performance take place? Of course there are more than one manners to disable or block malware.

The plans to develop a new way of testing for virus scanners, are getting support from companies as Symantec, Trent Micro, Panda, Kaspersky and F-Secure. By expectation proposals for this new test method should be presented next month, during the “Association of AntiVirus Asia Researchers 2007” conference in Seoul (South-Korea).

I read all of this story on the Dutch website techworld.nl (Sorry it’s all in Dutch).

Cheers, Zocor. (B)

Thanks for that Zocor

The world has to find a better way of testing security applications! For example: our av products protects users from more viruses than the best AV can detect! However, they are still judged on their detection ratio. There is no “how well it protects the user” test!


Couldn’t have said it better myself! We do indeed need an good way of testing AV products. Like an international standard, like metric units. Of course, there will always be some who wouldn’t use the standard, like America doesn’t use metric!