A comment on my own AMTSO article

I feel I need to make a comment about the article “Anti Malware Testing Standards Organization: a dissenting view”. There is a war of words in the comments, which is a good thing. But I’m afraid that my own message might get lost in all this. It is:

  • the anti-malware industry is a good and necessary thing to keep us as safe as possible on the internet
  • I have the highest regard for the technical people in that industry: no-one can doubt that the internet is a safer place for the work of people like Mikko Hypponen, Chet Wisniewski, David Harley, Luis Corrons, Graham Cluley, Rik Ferguson and all the others
  • my concern is the way in which that industry markets itself
  • use of the WildList in testing allows the industry to claim 100% success against viruses; and this is dangerously misleading and should be stopped
  • the anti-malware testing industry is a parasite (I mean this biologically, not insultingly) on the anti-malware industry
  • I do not believe that the anti-malware testing industry can tell us very much about the anti-malware products
  • the declared intention of AMTSO, to put trust and confidence and accuracy into anti-malware testing, is good
  • the structure of AMTSO, an incestuous relationship between most vendors and most testers with no inclusion of users, is bad: it is too open to abuse and misuse
  • the argument between Sophos and NSS is irrelevant; if not them now, it will be other protagonists in the future: this is inevitable
  • AMTSO should be dissolved. A new organization with user companies at the heart, funded by the anti-malware industry and with the same intent, should be deployed. The anti-malware industry and the anti-malware testing industry should have representation on that new organization, but no controlling influence.

Categories: All, Security Issues
  1. July 2, 2010 at 3:24 pm

    “my concern is the way in which that industry markets itself”

    mine too, but i’m not about to spread the blame around to people who have no control over marketing.

    “use of the WildList in testing allows the industry to claim 100% success against viruses; and this is dangerously misleading and should be stopped”

    ‘opening your mouth allows people to twist your words into things you never said; and this is dangerously misleading and should be stopped’

    “the anti-malware testing industry is a parasite (I mean this biologically, not insultingly) on the anti-malware industry”

    the biological meaning *is* insulting. i’m sure you actually meant symbiote, rather than parasite as parasite implies that the host derives no benefit from the relationship and it really doesn’t seem like you believe the anti-malware industry derives no benefit from the testing industry.

    “I do not believe that the anti-malware testing industry can tell us very much about the anti-malware products”

    they don’t aim to tell you very much, only one of the following: which ones meet the criteria of a baseline on quality (usually set fairly low) or how the products compare to one another.

    “the structure of AMTSO, an incestuous relationship between most vendors and most testers with no inclusion of users, is bad: it is too open to abuse and misuse”

    what precisely do you think the layman can bring to the scientific method?
