Last week, the Anti-Malware Testing Standards Organization, or AMTSO, held its second members’ meeting this year that took place in Budapest, Hungary as an extension to the CARO Workshop. AMTSO released new papers at their website, adding to their roster of documents regarding the organization’s principles and guidelines on testing.
Trend Micro has been constantly and actively present since the meetings began. This month, AMTSO is celebrating its first year anniversary, and as a small treat for our readers, I would like to highlight one of the organization’s motivations.
Compared to today’s threat landscape, I like to assume that prior to 2005, the antivirus industry has a “relaxed” life. Signatures for malware were meticulously developed and updated on a regular basis while heuristics and generic detections were considered an engine’s technical high point. Antivirus testers are sometimes individuals but more likely companies or global computer magazines, such as PC World, that proof and evaluate programs or suites designed to protect against malware. Their life prior to the “Threat Big-Bang” can also be considered as relatively relaxed. This is because tests are done using one core module: the virus scanner. Evaluation is easy, and it was normally based on the scan results mostly triggered on-demand.
Cyber evolution and the Internet’s lack of regulations facilitated the “Threat Big-Bang” where, (1) within a span of just four years, the volume of malware has increased to 2,500 percent, (2) the Web has become the most used platform for scams against physical and digital persons, (3) software vendors and the antivirus industry identified the trend and began to redesign and rethink their services to keep the high quality of their provided security.
Word has it that at the testers’ camp, the evaluation of the protection against cyber threats is still sometimes limited since results are solely delivered by the virus scanner module while other modules are either ignored or misinterpreted.
Notice that nowadays the top 20 virus scanners have an on-demand detection rate placed between 90 and 99 percent—when five years ago the range began at around 70 percent. However, this is only one module out of the many that assures protection under given circumstances.
In order to address individual concerns from vendors and testers, these groups have decided to come at the same table and work together in order to support customers instead of confusing them with scientific debates.
AMTSO is now an established platform where testers and vendors could come together to inform, learn, exchange experiences, deliberate, and agree on best practices regarding testing of whole products, modules or features in a fair way. And sense of unbias has one single common denominator: the protection against fraud on data and identity.
Happy Birthday, AMTSO!