2009-12-01

What should anti-virus tests be?



Experts recognize that the traditional approach to testing the effectiveness of anti-virus software, which took shape in the 1980s and 1990s, is no longer acceptable. According to Sergei Ilyin (Anti-Malware.ru), the antivirus market now requires comprehensive tests that correspond to how users actually work and that check the full range of protection functions: pattern (signature) checking, heuristic analysis, firewall, IDS, HIPS and so on.

The anti-virus testing criteria developed by Virus Bulletin (VB) in the 1990s, and The WildList virus signature collection created on their basis, are still recognized by the antivirus industry to this day, but they do not take into account the radical changes in the threat landscape. For example, they cover only viruses for the Windows platform, and only self-propagating variants; the latter criterion excludes broad classes of malicious programs, such as spam bots and spyware. The number of stable active senders who contribute to The WildList, as Andreas Marx, head of the AV Test laboratory, stated at the Virus Bulletin Conference in 2007, does not exceed twenty, and the number of monthly updates is half a dozen. The system for receiving and processing updates is burdensome for both the senders and the compilers of the list, so about forty days pass between an update being submitted and the updated list being published.

Most of the AV Test laboratory's synthetic tests are held over four weeks. The antivirus products are tested every week with updates enabled, and for another week without the possibility of updating. According to experts, testing is done on computers disconnected from the Internet, against a virus signature collection limited by a given criterion. This is consistent with the principle of test reproducibility, but does not correspond to the real conditions in which antivirus products operate.

The retrospective tests conducted by Andreas Clementi of the AV Comparatives virus laboratory are, according to experts, better than the VB tests simply because they use not dozens but hundreds of thousands of varied virus signatures. However, the AV Comparatives signature database is not public, as Mikhail Kondrashin, an expert on products and services at Trend Micro, points out. Consequently, a wide range of specialists is not in a position to evaluate it, for example for the presence of false signatures. It is also important that, when conducting its tests, the laboratory disables the cloud antivirus technologies used in the products, which are gaining popularity and drastically affect effectiveness.

In early 2008 the Anti-Malware Testing Standards Organization (AMTSO) was formed, uniting 40 antivirus companies in an association to develop uniform criteria for testing antivirus software. This year AMTSO published a series of recommendation documents it had developed, and at the end of the summer the test laboratory NSS Labs completed the first test performed in accordance with these recommendations.

During this test, NSS Labs collected data on potentially dangerous sites and identified those that were really dangerous, obtaining 3243 addresses as a result. For about three weeks the antivirus products were run against these addresses. The test showed how the ability of each tested antivirus to block infection from each of the selected infected web addresses changes over time. It should be noted that this test checked how the antivirus products resist not an active infection that penetrates the computer by itself, but an infection that occurs at the user's initiative, triggered by actions that social engineering methods lead the user to take.

It is known that NSS Labs is preparing tests for other types of infection. All this suggests that existing tests are not perfect and require modernization. Hopefully, testing technology will improve along with anti-virus programs, and we will get objective data on the effectiveness of anti-virus programs.
