SecurityRatty: Trend Micro Fed Up With WildList Testing

This is cache of http://feeds.ziffdavisenterprise.com/~r/RSS/cheap_hack/~3/308226153/trend_micro_fed_up_with_wildlist_testing.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.

Trend Micro Fed Up With WildList Testing

2008-06-09 14:45:29 by Editor in Cheap Hack

Since my recent column on the failures of the WildList and anti-malware certification there has been a small firestorm of commentary in the anti-malware community on the subject. In e-mail and security list discussions both pro- and con- arguments have been bandied about. For instance, Andreas Marx (who, it must be said, is a competitor of the WildList-based services) pointed to a presentation he and Frank Dessmann made at the Virus Bulletin 2007 conference called "The WildList is Dead, Long Live the WildList!". In it they show how small, poorly-chosen and out of date the malware sample in the WildList is. VB100 certification, which is a contract test performed by certain labs to verify detection of all items in the WildList, has been a marketing imperative for years. Now it turns out that Trend Micro, one of the largest companies in the business, is turning its back on the WildList and VB100 certification. I contacted Raimund Genes, CTO Anti-Malware at Trend Micro, and asked him to thank me for inspiring their new policy, but it turns out they have been thinking about it for a while. It's not just the problems in the content of the WildList, it's also the test procedures. WildList testing is performed off the Internet, on an isolated LAN. I actually did some of this testing many years ago and the systems doing the tests were completely offline. Back then (it must have been 1999 or 2000) it might have been defensible, but now products like Trend Micro's use online reputation services in order to avoid false positives and detect new threats, so there's no way you can do a good test offline anymore. The presumption, and it's a fair one, is that their customers will be online so you may as well take advantage of the fact. While there are good testing services available, there's nothing quite like the WildList for a benchmark. The results from thorough evaluation of anti-malware software are complex and difficult to evaluate, unlike a simple checkmark. This is a problem, because marketing matters and customers can't be expected to evaluate all the data.