Security Software industry takes first steps towards forming anti-malware testing standards

February 2, 2008


Parties converge to address objectivity, quality and relevance of current anti-malware testing methodologies.

More than 40 security software technologists and anti-malware testers from around the world recently met in Bilbao, Spain to formalize the charter of the Anti-Malware Testing Standards Organization, or AMTSO. The formation of AMTSO has been driven by industry-wide concern about the increasing mismatch between what anti-malware technologies actually do, and the testing methodologies used to evaluate them. As anti-malware solutions become more complex, many existing tests are unable to evaluate product effectiveness properly, resulting in product reviews that are sometimes incomplete, inaccurate and misleading.

AMTSO is focused on addressing the global need for improvement in the objectivity, quality and relevance of testing methodologies. The organisation also aims to promulgate universally adopted standards and guidelines for anti-malware testing. The vision for AMTSO was formed in May 2007during the International Antivirus Testing Workshop in Reykjavik, Iceland, and developed further during the Antivirus Asia Researchers Conference in Seoul, South Korea last December. Pursuant to its preliminary charter, AMTSO will:

  1. Provide a forum for discussions related to the testing of anti-malware and related products;
  2. Develop and publicize objective standards and best practices for testing of anti-malware and related products;
  3. Promote education and awareness of issues related to the testing of anti-malware and related products;
  4. Provide tools and resources to aid standards-based testing methodologies; and,
  5. Provide analysis and review of current and future testing of anti-malware and related products.

Hosted by Panda Security, the meeting in Bilbao included representatives from the industry’s leading companies and testing organizations.

Pedro Bustamante, Senior Research Advisor, Panda Security said: “The current Internet threat panorama requires the use of new technologies to provide adequate protection for IT systems. However, existing tests only evaluate certain aspects of the various security solutions available. For this reason, any users who simply go by the results of a test that doesn’t fully analyze each and every one of the capabilities of these solutions, will not have an objective perspective of whether a product is truly effective or not. We are convinced that the work of AMTSO – an organization to which we are proud to belong - will mitigate this situation, thereby contributing to improving IT protection for all users”.