[Correction: in the paper Mac Hacking: the Way to Better Testing? it’s incorrectly implied that independent tester Thomas Reed tested with on-demand scanning rather than on-access scanning because he believed that it was how detection would happen in most real-world situations. This was entirely due to a misunderstanding on my part: in fact, he did so for methodological reasons. Sorry for the confusion, Thomas, and thank you for being so understanding. David Harley, 26th October 2013.]
On 3 October 2013, Lysa Myers (formerly of Intego but, as of last week, a colleague at ESET) and I presented a paper at Virus Bulletin’s 2013 conference in Berlin.
Here’s the abstract:
Anti-malware testing on the Windows platform remains highly controversial, even after almost two decades of regular and frequent testing using millions of malware samples. Macs have fewer threats and there are fewer prior tests on which to base a testing methodology, so establishing sound mainstream testing is even trickier. But as both Macs and Mac malware increase in prevalence, the importance of testing the software intended to supplement the internal security of OS X increases too.
What features and scenarios make Mac testing so much trickier? We look at the ways in which Apple’s intensive work on enhancing OS X security internally with internal detection of known malware has actually driven testers back towards the style of static testing from which Windows testing has moved on. And in what ways might testing a Mac be easier? What can a tester do to make testing more similar to real-world scenarios, and are there things that should reasonably be done that would make a test less realistic yet more fair and accurate? This paper looks to examine the testing scenarios that are unique to Macs and OS X, and offers some possibilities for ways to create a test that is both relevant and fair.
So here’s the full paper:
David Harley and Lysa Myers, Mac Hacking: the Way to Better Testing?, October 2013. Copyright is held by Virus Bulletin Ltd, but the paper is made available on this site for personal use, free of charge, by permission of Virus Bulletin.
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow