A Couple of Testing Methodologies for You
I just wanted to make mention that a coupleof my testing methodology conference papers have finally been uploadedto our whitepaper section here in Security Response. I say "finally" because I had to wait until after I presented my latest one at this year's Virus Bulletin conference held in Vienna. But, I have no excuse for the other paper I presented at last year's Eicarconference in Hamburg, other than the fact that I thought it would bebetter to have both papers ready at the same time because theycompliment each other.
The first one—A Testing Methodology for Antispyware Product’s Removal Effectiveness—waswritten in response to the many testing reviews of antispywareproducts. I felt that after reading many of these product reviews thata lot of the tests were not run as thoroughly or completely as I feltthey should have been in order to highlight the true effectiveness ofthe product. This paper was also written from a product-neutral pointof view (yeah right, you say!). But yes, even though I wrote this paperand I work in Security Response, I think you'll find that it is trulyneutral and the testing methodology does not rely on or highlight anyspecific antispyware product.
The second one—A Testing Methodology for Rootkit Removal Effectiveness—isvery similar, except for one obvious difference. Dealing with threatsthat use stealth and/or rootkit techniques requires some differenttools and testing processes in order to determine the effectiveness ofthe anti-rootkit product. But the underlying message is the same. Learnto monitor the threat and its changes to the system using third partytools rather than letting the product under test dictate the results.
Hopefully you will find these papers helpful if you are involved inindependent testing or internal testing for an antivirus or antispywareproduct.