Archive for the ‘AMTSO’ Category

AMTSO Conference – Prague

Monday, October 12th, 2009

Yesterday’s AMTSO conference brought with it formal announcements of Board positions, new tools for the AMTSO to offer testers (be sure to join the group!) and potential new efforts. There were some Board updates due to terms expiring, and discussion about the group’s directions. The meeting and its agenda are posted at the site’s meeting link.

The group continues to pursue ways to improve testing methods, and finding and collecting malware has always been an issue for improvement. The group is attempting to ensure testing samples that are current, and providing testing matter that exercises products in ways adequate to support reviewer conclusions.

Various papers were discussed and only two of these put up for vote. The group passed the two important papers today that will be posted to the website soon — “Issues in Creating Samples for Testing”, and “Network AV Testing”.

PC Tools at AMTSO in Budapest

Saturday, May 9th, 2009

The Anti-Malware Testing Standards Organization finished up its meeting in Budapest, Hungary this week. PC Tools was in attendance at this meeting as well, seeing three new papers passed and contributing to others in progress.

The AMTSO website has changed a bit, but the goals and our commitment to contributing to these standards and meeting challenges around anti-malware testing methodologies has not. Our second year of active participation should witness more outbound efforts by the organization. The three papers passed in this meeting will be posted on the documents section of the web site soon:
1. Testing Sample Validation
2. A Process for Evaluating Testing and Reviews
3. In the Cloud Testing Procedures.

Now that the body has voted these standards are firmly in place, the testing groups, media, academics, advisors and vendors participating in the group will see it move forward with a more active role in applying and clarifying these standards.

AMTSO on eWeek

Monday, November 17th, 2008

Larry Seltzer posted a fine review of the new AMTSO documents over on eWeek.

It’s always great to see the words “I’m really impressed with what I’m reading in these standards.” He even goes over the “Best Practices for Dynamic Testing” document, which is relevant to properly evaluating ThreatFire and other behavioral-based anti-malware solutions — delivering malware to the system in the same way that a user would see it attacking their system. We were especially interested in the “Dynamic Testing” document details and crafting at the last Oxford meeting. He understands the issues addressed in the document, including issues with using Virtual Machines in testing, and the article finishes with a hint of the reality of the process: “
It’s great to see positive interest in the testing standards already. Let’s hope that Larry and others at eWeek are interested in becoming a member as well.