[WEB SECURITY] How to perform Antivirus Security Testing

Josh More guppie at starmind.org
Wed Apr 20 13:17:21 EDT 2011


Don't bother.

Seriously, the top players are:  Symantec, McAfee, Trend Micro, Kaspersky
and Sophos.  Read the "independent" reviews and these five are always at the
top.  Look at the scores from places like http://www.virusbtn.com/ and these
five are always there.  Odds are that one of them will work for you just
fine.  (I usually pick Sophos for my clients.)

Then look at the extra features.  Learn why each one is necessary (note:
they all exist to supplement flaws in the legacy signature-based system).
Figure out which features you need and throw out the vendors that don't
provide them.

Then look at the UIs.  If it will be difficult to use one of the systems in
operations, throw it out.  Find out if any of the admins are biased against
a system (Symantec is a popular one for admins to hate).  You get more
problems with malware from admins who resist caring for the system than you
get from systems failing to catch stuff.

Then look at the licensing.  If you can't understand it or if they're
nickel-and-diming you on price, throw them out.  It's not worth the pain
otherwise.

If this process doesn't get you down to a single vendor, look at how they
handle 24/7 support and make test support calls.  If their support is poor,
throw them out.  If they don't offer 24/7, throw them out (malware doesn't
wait for sun-up).  If they force their people to work more than an
eight-hour shift, throw them out.

This process will get you a solution that meets real-world needs.  If you
try to test from a technical perspective, you're just going to be selecting
the system that best protects against attackers that think just like you
do... which you've already protected against through system hardening and
network design.

-Josh More

On Tue, Apr 19, 2011 at 11:28 PM, prashant Kar <kar.prashant at gmail.com> wrote:

> Dear All,
>
> Kindly guide me on how to do antivirus application security testing.
>
> Any tools/methodology/approach/checklist that will help, please suggest.
>
> Best Regards,
> Prashant
>
> --
> Technical Skill is the mastery of complexity,
> while Creativity is the master of simplicity.....
>
> The Future Belongs To Those Who Believe in The Beauty of Their Dreams.
> Keep up the spirit!!!!
>
> Prashant Kar