SpeakerTypeLightning Talk AbstractAnti-malware protection is continuously changing. 25 years ago security products were able to be tested against all known existing threats. Protection solutions changed only a few times a year. At that time, all protection benchmark tests were repeatable. Nowadays both the threats and the solutions are changing continuously. In this paper the possible solutions for how to execute a protection test in this situation will be presented. For reliable testing what can a tester do to provide comparative results? The following problems exist: - During the test the protection requires a cloud connection to function properly. But the tester has to protect the public from the tested threat while potentially infected test computers are on the net.
- Attack samples have to be presented to all tested products at the same time. Otherwise an advantage might occur for one of the products being compared in the test.
- Malicious content (even if it comes from the net using a malicious URL) must be the same for all products. Thus the malicious content has to be cached and provided to the testing clients.
|
|
