BILBAO, SPAIN – February 4, 2008 –
The testing of antimalware products has become a very complex task, which requires significant time, knowledge and financial and human resources. Even with such resources, often, the results of antimalware product tests can be questionable. We believe that AMTSO will be able to provide support and guidance to anti-malware product testers on a global basis, particularly through promulgation of testing methodology, experience and advice. We are inspired that so many antimalware companies have joined together through AMTSO to improve the quality of product testing in general, to ultimately provide consumers with accurate and reliable information.
— Pavel Baudis, ALWIL Software
Malware creators are continuously innovating new ways to evade security products. Security software vendors and testers must work together to stop these menaces. For this to happen, vendors must improve and create new protection technologies and testers must check that these technologies are effective. Simple detection rate tests of inactive samples no longer show the full potential of some products. Thus, new testing methods must be applied and common testing standards introduced to cover today’s new and advanced protection technologies.
— Andreas Clementi, AV-Comparatives
Well executed and comprehensive tests will light the way to better products — it is not only the developers who contribute towards the improvement of products. Most developers focus on the aspects of a product which are used to compare and rank products and to finally perform better in such kind of tests. Thus, it is essential for testers to move on the next level of product testing, focusing on everything besides the “traditional” signature detection. If this doesn’t happen, an entire industry might run into trouble and with it, billions of users may be misled by inadequate tests.
— Andreas Marx, AV-Test.org
Consumers and companies alike place significant reliance on third-party testing and certification methodologies when selecting malware protection for their homes and businesses. Because today’s malware is so complex, and its distribution driven to a large extent by professional criminals, it is incumbent upon us as an industry to step up to the plate and provide the level of testing that users can trust to protect their digital assets.
— Karel Obluk, Chief Technology Officer, AVG Technologies
As malware changes and evolves every day, security companies are required to innovate and bring forth new ideas and technologies to keep pace. AMTSO is this kind of organization that will help create an industry standard of how antimalware products should be tested using a fair methodology. The results may give users a chance to look beyond marketing messages and select the best product for their needs.
— Philipp Wolf, Avira GmbH
Today’s security testing typically spotlights only one or two limited forms of protection. Inaccurate conclusions about products’ protective capabilities are often drawn due to this narrow scope. We’re hopeful that our work here will help vendors, testers and consumers understand how controls and protection work side by side for a holistic approach to overall security.
— Mario Vuksan, Bit9
BitDefender views the establishment of AMTSO as a very positive development, in a market environment that has not, so far been known for the ease of evaluating competing products. The AMTSO process and tests should drive up the quality of products from participating vendors, ultimately resulting in better value for all our clients.
— Gavrilut Dragos, BitDefender
AMTSO gives testers who already have a good working relationship with the industry a chance to maintain and build on those links, and that’s good for testers, vendors, and consumers. But it’s also a chance to break down the mistrust between the industry and testers that don’t have such links, and that’s even better.
— David Harley, Research Author, ESET
AMTSO is a welcome development for our industry, as many of the most widely available solution reviews and tests have focused on what is easiest to test, rather than what has most significance for the security level of the end-users.
— Santeri Kangas, Director of Research, F-Secure Corporation
G DATA Software AG
Testing anti-malware products is extremely complex. To be reliable, tests should be independent of product specific protection technologies and reflect the current threat situation. They should also be carried out in an objective, and reproducible way with defined methodologies and lead to representative and meaningful results. For testers and those who order tests it is also important that the results can be delivered quickly and hence cheaply. During the past 5 years, the malware spectrum has changed dramatically. Spyware, botnets, malcode recycling and drive-by-infections have posed new threats to PC users and system administrators. The testing criteria for anti-malware products on the other hand hardly changed, leading to a gap between malware activities and testing scenarios. The combined effort of leading experts in the anti-malware industry and test institutes that AMTSO hopes to provide has the potential to bridge this gap in a vendor-, product- and technology-neutral way. We are happy to contribute to this initiative.
— Ralf Benzmüller, Head of Security Labs, G DATA
International Business Machines Corporation (IBM)
AMTSO brings together the industry’s leading security and risk academics, vendors and testers to provide testing methodologies and standards better suited to evaluate the protection available to combat today’s malware and related security threats. This will in turn benefit end users, who will be empowered to make more informed decisions about the particular security solutions that match their needs.
— Vernon Jackson, manager Virus Prevention Systems, IBM Global Technology Services
Although security software has changed enormously in the last ten years, most tests used today haven’t evolved at the same rate. New and better tests are needed to better assess the effectiveness of new technologies. The founding of AMTSO is a very significant step towards having tests that more accurately reflect the performance of security software in real life situations.
— Roel Schouwenberg, Senior Anti-Virus Researcher, Kaspersky Lab
The traditional methods of testing anti-virus products are inadequate in today’s threat environment as they don’t take into account newer and more advanced levels of protection. We support AMTSO’s efforts, which we believe can result in real-world tests that benefit consumers and corporations alike in choosing where to invest in their computer protection.
— Jeff Green, senior vice president, McAfee Avert Labs
As malware threats become more sophisticated, it has become more challenging for testers to form accurate conclusions about product protection capabilities. We are proud to be a part of the Anti-Malware Testing Standards Organization because we see it as a step toward a positive change in anti-malware testing that can help the industry gain more accurate and comprehensive views of security product effectiveness to help better protect customers.
— Jimmy Kuo, principal architect, Microsoft Malware Protection Center
Most testers have been sticking to the same methodologies (if any) for too many years. These methodologies are incompatible with new technologically advanced methods to detect malware. Not knowing the concept of new technologies often results in flawed comparative results. Norman is proud to participate in the organization to guide them with a described minimum set of requirements for testing to have testers understand that methodologies should be flexible and adjustable to comply with new technological techniques.
— Righard J. Zwienenberg, Chief Research Officer, Norman
The current Internet threat panorama requires the use of new technologies to provide adequate protection for IT systems. However, existing tests only evaluate certain aspects of the various security solutions available. For this reason, any users who simply go by the results of a test that doesn’t fully analyze each and every one of the capabilities of these solutions, will not have an objective perspective of whether a product is truly effective or not. We are convinced that the work of AMTSO — an organization to which we are proud to belong — will mitigate this situation, thereby contributing to improving IT protection for all users.
— Pedro Bustamante, Senior Research Advisor, Panda Security
In the past, companies who have developed leading edge security protections sometimes have been marginalized in testing and reviews due to the fact that legacy methodologies do not evaluate newer, more sophisticated technologies such as behavioral based solutions. We are looking towards open standards and guidelines for testing both traditional protection and more sophisticated, less understood protection capabilities.
— Kurt Baumgartner, PC Tools
There is a desperate need for new test standards for anti-virus products, as the current tests reveal little about how well technologies perform when deployed on real consumers’ machines. We are excited to participate in AMTSO, creating test standards that better measure product efficacy, which will ultimately benefit the consumer.
— Matthew Williamson, Principal Scientist, Sana Security
Secure Computing Corporation
Testing methodologies of anti-malware solutions must mirror the true magnitude of malware threats today, as these reviews often serve as the sole source of information for customers. As a member of the Anti-Malware Testing Standards Organization, Secure Computing is committed to the development of fair and independent tests.
— Ken Rutsky, vice president, product marketing, Secure Computing Corporation
No one is in any doubt that the malware problem, driven by financial gain and organized criminal gangs, has become more serious in recent years. Fortunately, security vendors have developed more advanced methods to proactively counter these threats with greater efficiency than ever before. However, traditional tests are become increasingly irrelevant as they fail to take into account the new technologies built into security solutions. One of AMTSO’s objectives is help drive better real-world tests for everyone, which will benefit all computer users looking for the highest level of protection.
— Stuart Taylor, SophosLabs Manager, Sophos
We are pleased to be a part of AMTSO, which we believe represents a necessary and dramatic change in security software testing. We’re hopeful that our work here will help vendors, testers and consumers derive a more holistic view of a security technology’s overall protection.
— Mark Kennedy, Distinguished Engineer, Symantec Corporation
Because of the constant change in the threat landscape, it’s imperative for AV vendors and testers to work together to promote and adapt the best solutions that can effectively address emerging threats for our customers.
— Alice Decker, senior researcher, Trend Micro’s Advanced Threats Research
Over the past years the typical user experience and behavior has changed regarding AV protection. Previously, the first line of defense was the on-demand scanning component of their virus scanner. Today on-demand scanning is still a valuable part of the defense, but lost in importance. Users rely much more on access protection mechanisms, and multi-layered defense solutions. This paradigm change has not yet been reflected in the AV testing methodologies. We have to work on bringing AV tests closer to today’s demands and practices.
— Gabor Szappanos, Virusbuster Ltd.
About the Anti-Malware Testing Standards Organization (AMTSO)
AMTSO is dedicated to helping improve the objectivity, quality and relevance of anti-malware technology testing. AMTSO membership is open to industry-wide academics, reviewers, testers and vendors, subject to guidelines determined by AMTSO.
Additional information regarding the organization, including charter documents, membership and educational materials are available on the AMTSO website at www.amtso.org.