It seems I forgot to mention on this blog that I stopped working with ESET at the end of 2018. I hope no one was holding their breath waiting for another instalment! However, I didn’t entirely abandon the security industry: I’ve responded to the occasional request for an interview, including this one on Who owns social media? and I did quite a lot of work on the English translation of this Book by Eddy Willems (I might still be tempted by other authoring/reviewing/editing projects). And I’m still playing with the idea of a book on anti-malware product testing.

Meanwhile, here’s an article I wrote recently for the AV-Comparatives blog. Spotlight on security: The Curse of the False Positive. Well, product testing was part of my job description long before I joined the antivirus industry (as we still often called it at that time), so it’s not quite a case of crossing over to the Dark Side. As a matter of fact, I’ve always had a good relationship with the guys at AV-Comparatives. And I have one or two other articles in process.

David Harley

*Yes, I stole that from a Phil Ochs album title… I spend much more time on music than I do on security nowadays.

SE Labs has introduced an interesting enhancement to its endpoint protection test methodology. While the company has always included targeted attacks in these tests, it has now introduced what it calls ‘attack chain scoring’. In other words, whereas previously the product under test received a scoring penalty for a breach that didn’t take into account how deeply the tester had penetrated into the system, there are now additional penalties where the attack gains more access, for example privilege escalation. This means that there is now a range of penalty scores between -1 and -5, depending on the severity of the breach.

More detail in the article by Simon Edwards here – Latest security tests introduce attack chain scoring – as well as links to the latest SE Labs reports.

David Harley

I’ve just been doing some extensive spring-cleaning on the ‘Testing Resources‘ page on this site. It doesn’t tell you what anti-malware/security products you should be buying – since I work closely with a commercial security vendor, that would be pretty flaky – but it does point to a (very) few tester sites that I think are reasonably reliable, and includes a lot of links to papers and articles that are currently available.

I may add one or two others in due course. I’m tempted to name and shame some of the really bad ones, but I’m not sure I need any more garbage testers shouting in my ear at my time of life.

David Harley

AMTSO has issued press releases – AMTSO Membership Approves Major Step Forward in Testing Standards and AMTSO Announces Full Adoption of Testing Protocol Standard – following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.

No information at present on exactly how the voting went, which I’d have liked to have seen in the interests of transparency.

David Harley

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

David Harley