Posted by: David Harley | October 26, 2018

SE Labs introduces penalty shootout

SE Labs has introduced an interesting enhancement to its endpoint protection test methodology. While the company has always included targeted attacks in these tests, it has now introduced what it calls ‘attack chain scoring’. In other words, whereas previously the product under test received a scoring penalty for a breach that didn’t take into account how deeply the tester had penetrated into the system, there are now additional penalties where the attack gains more access, for example privilege escalation. This means that there is now a range of penalty scores between -1 and -5, depending on the severity of the breach.

More detail in the article by Simon Edwards here – Latest security tests introduce attack chain scoring – as well as links to the latest SE Labs reports.

David Harley

Posted by: David Harley | June 22, 2018

Updated anti-malware testing resources page

I’ve just been doing some extensive spring-cleaning on the ‘Testing Resources‘ page on this site. It doesn’t tell you what anti-malware/security products you should be buying – since I work closely with a commercial security vendor, that would be pretty flaky – but it does point to a (very) few tester sites that I think are reasonably reliable, and includes a lot of links to papers and articles that are currently available.

I may add one or two others in due course. I’m tempted to name and shame some of the really bad ones, but I’m not sure I need any more garbage testers shouting in my ear at my time of life.

David Harley

Posted by: David Harley | May 30, 2018

AMTSO standards – recent press releases

AMTSO has issued press releases – AMTSO Membership Approves Major Step Forward in Testing Standards and AMTSO Announces Full Adoption of Testing Protocol Standard – following the approval by a majority of AMTSO members of its Draft Standards and authorization of a working group at the recent AMTSO meeting.

No information at present on exactly how the voting went, which I’d have liked to have seen in the interests of transparency.

David Harley

Posted by: David Harley | May 20, 2018

Symantec on AMTSO and testing standards

I worked with Symantec’s Mark Kennedy for some time when I was on the AMTSO Board of Directors. He knows much more than most about the organization and product testing in general, and this is an excellent and informative article: AMTSO Testing Standards: Why You Should Demand Them – “When it comes to security product testing, a good test in one context can turn out to be meaningless in another.”

David Harley

Posted by: David Harley | April 14, 2018

Fairness and ethical testing

ESET’s Tony Anscombe looks at some contentious issues in product testing: fairness, level playing fields, ethical testing.

Anti-Malware testing needs standards, and testers need to adopt them “A closer look at Anti-Malware tests and the sometimes unreliable nature of the process.”

A good summary, and a useful reminder of the work that AMTSO is doing, but it’s a shame that after all these years we still need to keep making these points.

David Harley

Older Posts »