ESET Threat Blog

Well, not exactly, though actually a top ten of top tens isn't a bad idea: apparently, top tens usually attract plenty of readers.  As do top fives. twenties etc, though probably not top thirteens.
Security Memes a Lot to Me
Still, there is a touch of recursion to this post. I got a notification from the Security … Read More…

Kevin Townsend posted a rather interesting article on his blog asking whether AMTSO (the Anti-Malware Testing Standards Organization) is "a serious attempt to clean up anti-malware testing; or just a great big con?"
I posted a lengthy response on the AMTSO blog here: while it was a personal response rather than an official statement on behalf … Read More…

Jan Vrabec, my colleague in the Bratislava office, has some thoughts to get off his chest about AV vendors and  misleading results from internal test results, so I'm letting him borrow my soapbox. All yours, Jan…
Lately, we have witnessed a new trend pushed by the marketing departments of several antivirus vendors: in-house product testing. Of … Read More…

AMTSO (the Anti-Malware Testing Standards Organization) has published its review analysis of the Endpoint Security Test that was published by NSS Labs on September 8, 2009.
The Review Analysis published on March 17, 2010 compared AMTSO’s Fundamental Principles of Testing to the NSS Labs report and found that it doesn’t comply with two of the nine AMTSO Principles:

Principle … Read More…

* http://math.boisestate.edu/gas/mikado/webopera/mk105a.html
Kevin Townsend posted a blog in response to a piece by Mike Rothman at Securosis. Mike’s piece on “The Death of Product Reviews” makes some pretty good points about security product reviews in general. Kevin’s piece is more specific to anti-malware. He too makes some useful discussion points about the value or otherwise of … Read More…

Larry Seltzer posted an interesting item yesterday.  The article on "SW Tests Show Problems With AV Detections " is  based on an "Analyst's Diary" entry called "On the way to better testing."
Kaspersky did something rather interesting, though a little suspect. They created 20 perfectly innocent executable files, then created fake detections for ten of them. Then … Read More…

We have just come across a Buyer’s Guide published in the March 2010 issue of PC Pro Magazine, authored by Darien Graham-Smith, PC Pro’s Technical Editor. The author aims to give advice on which anti-malware product is the best for consumer users, and we  acknowledge that the article includes some good thoughts and advice, but … Read More…

The Hype-free blog at http://hype-free.blogspot.com/2009/12/congratulation-to-av-comparatives.html yesterday mentioned the latest AV-Comparatives round of test reports, including:

The whole product dynamic test at http://www.av-comparatives.org/comparativesreviews/dynamic-tests
The December 2009 performance test at http://www.av-comparatives.org/comparativesreviews/performance-tests
The summary reports at http://www.av-comparatives.org/comparativesreviews/main-tests/summary-reports

I have a pretty jaundiced view of testing organizations in general: after all, I see some pretty awful tests proclaimed by the testers and others as … Read More…

I recently made a presentation to  the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly better known as the British Computer Society). The PDF version of the slide deck is now up at: http://www.eset.com/download/whitepapers/Curious_Act_Of_Anti_Malware_Testing.pdf
The presentation outlines some of the problems with anti-malware testing and summarizes the mission and principles of the … Read More…

Verizon has just done something rather brave. The company has issued a report on "ICSA Labs Product Assurance Report" (http://www.icsalabs.com/sites/default/files/WP14117.20Yrs-ICSA%20Labs.pdf) that talks about the difficulties that most products have in meeting the requirements of ICSA Labs certification.
Why is it brave? Because those companies provide ICSALabs with a healthy income, and might therefore be a little … Read More…