Helmuth Freericks is an old hand at the malware game, having got to Commtouch by way of Authentium and Command Software.
In an article for SC Magazine on Anti-virus myths and facts, he offers an explanation of how the misinterpretation and misunderstanding of AV test results can cost money. In particular he considers the myths that:
- AV is purely reactive (a peculiarly stubborn myth, that one: while we all wish AV products had a higher success rate in detection, the problem is certainly not that the industry is restricted to static signatures)
- Not all detections are true positives – well, I’m not sure anyone is unaware of the false positive problem nowadays, but I can’t deny that it is a problem
- “Testing an anti-virus solution should be done by throwing as many viruses at it as possible”: in fact, while he doesn’t really go into the static versus dynamic testing debate as such, he does make a number of points worth mentioning, including the undesirability of mixing detection testing and performance testing.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow