Now there’s a topic guaranteed to raise eyebrows and clenched fists. Next-generation vendors who insist that ‘traditional’ anti-virus is dead because it relies on signature detection; traditional companies who point out that they haven’t relied on static signatures in decades, and that the groundbreaking technologies claimed by next-gen vendors are not so dissimilar to those used nowadays by ‘traditional’ security suites; complaints that next-gen companies have been using VirusTotal (inappropriately and misleadingly) to ‘prove’ it using stacked testing methodologies, while silently benefiting from the research of the ‘fossils’ whose marketshare they hope to capture.
Well, since I derive a large proportion of my income from a ‘fossil’ anti-malware-oriented security company, I don’t expect you to assume that I’m unbiased. I will say, though, that this article by Kevin Townsend – Inside The Competitive Testing Battlefield of Endpoint Security – strikes me as a pretty good, balanced summary of many of the issues.
Oddly enough, while some of the marketing-rich, fact-impoverished statements I’ve seen from next-gen vendors infuriate me more than I care to say – I prefer to blog without profanity, in general – I’m not altogether without sympathy for their mistrust of mainstream product testing. On the whole, I think AMTSO, warts notwithstanding, has helped in raising the standard of mainstream testing far higher than I could have hoped a few years ago, but I’m not sure that comparative tests can be as effective as testers would like you to think. Nonetheless, consumers need and deserve some impartial guidance as to which vendors deserve their custom. As long as next-gen vendors claim that no-one is capable of running accurate tests of their products, and while they at the same time claim to be able to run their own flawed pseudo-tests for marketing purposes, they can’t expect to avoid independent and informed criticism. If they actually showed willingness to work with testers (even if not within AMTSO) to work towards more effective testing of their products, they’d gain in trust and credibility. Or would that be too traditional?