Chapter 10: Antimalware Evaluation and Testing > Solutions Fast Track - Pg. 493

If a non-malicious file is flagged as suspicious, that isn't usually taken as a FP. If the last of these eventualities takes place in the real world, the end site or end user may decide to play safe and assume malice. So it can be argued that the vendor evades the risk of FPs by transferring the decision and therefore the risk to the customer. (See point two in the conclusion to Dr. Solomon's article.) However, most reputable testers seem comfortable with this paradox, which may be further mitigated if the product makes the distinction between "malicious" and "suspicious" very plain to the customer or offers good technical support to customers wherein such an issue can be swiftly dealt with.

Before we wrap this chapter up, we want to point to a couple of other resources:

"Real World Anti-Virus Product Reviews And Evaluations - The Current State Of Affairs" by Sarah Gordon and Richard Ford (http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper019/final.PDF) discusses problems and alternatives relating to AV product evaluation, including input from the research community after the original paper. While it's a little dated, it's still an excellent discussion of some basic issues.

"A Reader's Guide to Reviews," originally published in "Virus News International" and credited to Sarah Tanner, was actually written by Dr. Alan Solomon (is there no getting away from this man?). Since it dates back to 1993, it's obviously not current, but as a hint of the many ways that an antimalware product review can be biased (intentionally or otherwise) it's indispensable. (www.softpanorama.org/Malware/Reprints/virus_reviews.html)

Finally, we'd like to emphasize that we haven't finished with the topic of evaluation and testing. We will revisit it elsewhere, at much greater length. See www.smallblue-greenworld.co.uk/pages/avienguide.html for further information.
Solutions Fast Track

Antimalware Product Evaluation

Product evaluation falls largely into six main areas: Configurability, Cost, Ease of Use, Functionality, Performance, and Support Issues.

Evaluation methodologies include comparing reviews from general information resources, specialist reviews, and in-house evaluation and testing.

Configuration is highly subjective, due to the wide variation between requirements in different environments.

There's a great deal more to cost than unit cost. Consider also deployment costs, administration costs, support costs (in-house and external), and incident management.