Thursday, February 10, 2011

Anti-Malware Testing Standards Organization Meeting In California

World. For a couple of days, San Mateo, California will be known for something more than the city where Boston Patriot quarterback Tom Brady played high school football and where the horse Seabiscuit raced during the 1930’s Depression. The Anti-Malware Testing Standards Organization is having one of their annual meetings in San Mateo the week of February 8th. Of course, next week is the RSA 2011 Conference in San Francisco

We’re talking about a bunch of really bright people. The smartest men and women in the room. People who get voted off the island for being too bright for the others. Much smarter than a 5th grader.

The Anti-Malware Testing Standards Organization (AMTSO) is a three year old international non-profit association that focuses on the addressing the global need for improvement in the objectivity, quality and relevance of anti-malware testing methodologies. AMTSO membership is open to academics, reviewers, publications, testers and vendors, subject to guidelines determined by AMTSO.

The wisdom of crowds (unless it’s the right crowd) does not guarantee arriving at the best solution. Would you rather rely on the advice of a surgeon, team of surgeons, or 200k Facebook fans clicking or not clicking "like" and adding comments to provide the best course of action for a procedure? The third alternative is quite scary. I would go with the experts with respect to suggesting security test guidelines.

Close to 40 different organizations (the vast majority being global security and test organizations) are members. These include Trend Micro, ESET, AVG Technologies, AV-Comparatives, Virus Bulletin, Avast, Symantec, to name a few.

Many resources are available for free for anyone to download . Any organization or publication doing testing, at minimum, should at least be familiar with AMTSO’s (free) document “Anti-Malware Testing Standards Organization. The Fundamental Principles of Testing”. These principles aren’t rocket science, but you see them being violated all the time. There are a number of other articles, doing various depths of technical deep dives. Statistically valid tests, anyone ;) ?

Individuals can rely on the proverbial “like” clicks on Fan Pages for testing advice. However, that’s probably a suboptimal solution.

The Anti-Malware Testing Standards Organization web site is at For membership information, go to

No comments: