AVAR conference paper 2007

In 2007, Andrew Lee and I co-wrote and presented a paper at the AVAR conference in Seoul on Testing, Testing: Anti-Malware Evaluation for the Enterprise. It’s obtainable from the ESET WeLiveSecurity site here.


Anti-malware software remains an essential defensive component for most enterprises, understandably anxious to get the right balance of affordability and effectiveness. Unfortunately, journalists, consumer groups and security amateurs keep finding ever more creative and inappropriate ways to test detection focused software. In this paper, we attempt to address a number of core issues:

  1. Reading between the lines of comparative reviews
  2. Anti-virus/malware against the world
    • The ethics of product testing
    • Trust and competence
    • Fact and fiction in the public view of the       anti-malware industry
    • What the rest of the security industry       doesn’t understand
  1. Technical aspects of testing:
  • Garbage In, Garbage Out: sample verification
  • Testing with replicative malware
  • Proactive (retrospective) testing and heuristics
  • Time to Update (TtU) testing
  • In the Wild testing
  • Non-replicative malware
  • Realtime versus on-demand testing
  • False positive testing
  • Testing and certification
  • Specialist reviewers
  • Outsourced testing
  • The persistent droning of the security amateur and instant expert
  1. Evaluating the evaluators: sound versus unsound resources
  1. The pros and cons of DIY testing: how practical is it?

Small Blue-Green World
ESET Senior Research Fellow

About David Harley

Musician/singer/songwriter; independent author/editor
This entry was posted in AVAR, conference papers, David Harley. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.