Checkvir Realtime Anti-Malware Testing and Certification
Dr. Ferenc Leitold, Veszprog Ltd.
fleitold@veszprog.hu
www.checkvir.com

Contents
• Purpose of Checkvir testing
• Testing methodology
• Technical background
• Testing procedures
• Current state
• Difficulties
• Questions
Purpose of Checkvir testing
Problems:
• Big number of updates
• Cloud technology
• Solutions are continually changing
• Testing all versions is impossible
(chart: Number of updates / day; source: AV-Test.org)

Purpose of Checkvir testing
• Testing all versions is impossible
• Tests have to be executed as frequently as possible
• Automatic methods have to be developed
• A big number of computers has to be used

Purpose of Checkvir testing
The main purposes:
• Provide reliable, correct and exact information mainly about:
  • effectiveness
  • performance
  in a balanced way (AMTSO's principle)
• Provide naming cross-reference information
(figure: effectiveness vs. performance)
Testing methodology: update test
• Unpack previous image
• Unpack last image
• Initialize testing
• AV update
• New version?
  • no: no test run, loop back to AV update
  • yes: continue
• Execute test(s)
• Save results and reports
• Pack and save the new image
• Analyze results
• Publish results
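The update-test loop above only does useful work when the product has actually changed, so the "New version?" decision is the heart of the automation. The following Python skeleton is an added example (not Checkvir's code) that models that loop: the product's "AV update" is simulated by a callable returning the current definition set, a new version is detected by hashing that set (many products do not expose a reliable version string, so the hash is the assumed signal), tests run only when the hash changes, and each tested version gets an archived image entry and a report. All names and the simulated product are assumptions.

```python
"""Hypothetical automation skeleton for a Checkvir-style 'update test' loop.

Constructed example: the anti-malware product is simulated by callables,
and the definition-set hash stands in for a product version number.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class TestReport:
    fingerprint: str             # hash of the definition set that was tested
    detections: Dict[str, bool]  # sample name -> detected?


@dataclass
class UpdateTestHarness:
    # "AV update": pull the product's current definition set (bytes)
    fetch_definitions: Callable[[], bytes]
    # "Execute test(s)": run the sample set against the updated product
    run_tests: Callable[[], Dict[str, bool]]
    images: List[str] = field(default_factory=list)        # "Pack and save the new image"
    reports: List[TestReport] = field(default_factory=list)
    last_fingerprint: str = ""

    @staticmethod
    def fingerprint(definitions: bytes) -> str:
        # Assumption: version strings are unreliable, so hash the definitions.
        return hashlib.sha256(definitions).hexdigest()

    def cycle(self) -> bool:
        """One pass through the loop; returns True if a test run was executed."""
        fp = self.fingerprint(self.fetch_definitions())   # AV update
        if fp == self.last_fingerprint:                    # New version? -> no
            return False
        self.last_fingerprint = fp                         # New version? -> yes
        results = self.run_tests()                         # Execute test(s)
        self.reports.append(TestReport(fp, results))       # Save results and reports
        self.images.append(fp)                             # Pack and save the new image
        return True

    def analyze(self) -> Dict[str, float]:
        """'Analyze results': detection rate per tested version."""
        return {
            r.fingerprint[:12]: sum(r.detections.values()) / len(r.detections)
            for r in self.reports if r.detections
        }


def simulate(update_sequence: List[bytes],
             outcomes: List[Dict[str, bool]]) -> UpdateTestHarness:
    """Drive the harness over a constructed sequence of definition sets.

    Each element of update_sequence is what one 'AV update' would fetch;
    outcomes are the test results delivered for each *new* version.
    """
    updates = iter(update_sequence)
    results = iter(outcomes)
    harness = UpdateTestHarness(
        fetch_definitions=lambda: next(updates),
        run_tests=lambda: next(results),
    )
    for _ in update_sequence:
        harness.cycle()
    return harness


if __name__ == "__main__":
    # Constructed scenario: three updates, only two of which change the product.
    h = simulate([b"defs-v1", b"defs-v1", b"defs-v2"],
                 [{"a.bin": True, "b.bin": False}, {"a.bin": True, "b.bin": True}])
    print(len(h.images), "images archived;", h.analyze())
```

Only the version-change check is product-independent; in a real lab the two callables would wrap the product's updater and the on-demand/on-access test drivers, and the images list would map to the packed disk images kept by the archiver.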
Testing methodology: technical background
(network diagram: firewall, "malware proxy" server, webserver, controller, firewall & router, archiver, clients)

Testing methodology: testing procedures
• Malware knowledge (detection, disinfection)
  • against known and unknown malware and clean files
  • on-demand, on-access and proactive executions
• "Container" checking capabilities
  • archives, email clients' data files, ...
• Speed
  • on-demand, on-access
  • boot time
• Functionality
• Stability
• ...
(figure: knowledge vs. speed)

Testing methodology: testing procedures
Why is speed so important?

Testing methodology: testing procedures
Testing bootup time
What is more important: BOOTUP TIME or SECURE BOOTING? (DEMO)
Testing methodology: testing procedures
Bootup protection test
Products tested: Avast, AVG, Avira, Bitdefender, Eset, e-Trust, F-Prot, F-Secure, Fortinet, Ikarus, Kaspersky, Microsoft, Rising, Sophos, Symantec, Trend Micro, VirusBuster
Testing methodology: proactive tests vs. AM cloud technology
Problems:
• AM products use cloud technology -> traffic should be allowed
• Malware uses cloud technology -> traffic should be allowed
  -> How can we protect the world?
  -> How can we provide exactly the same environment for solutions?

Testing methodology: proactive tests vs. AM cloud technology
(network diagram: firewall, "malware proxy" server, webserver, controller, firewall & router, archiver, clients)

Testing methodology: settings
• By default, DEFAULT settings are used
• Minimal functionality is required:
  • Execute tests without user interaction
  • Automatically clean the infected file (if not possible -> delete)
  • Report file generation

Current state
What is working now?
• The frame system
• The website
• Automatic procedures of some products
• Preliminary selection and validation of the samples

Difficulties
• Viewpoint of the average user; automatic methods
• Testing environment
• Functionality problems
  • Truncated report files
• Stability problems
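The settings slide requires report file generation and clean-or-delete handling, and the difficulties slide lists truncated report files as a functionality problem. The parser below is an added example (not Checkvir's code) of how an automated harness can consume a product's report without trusting it to be complete: it parses one verdict line per scanned file, treats a missing end-of-scan trailer as truncation, keeps any unparseable lines as evidence, and summarises whether infected files were cleaned, deleted, or left behind. The report format itself is invented for this example, since the deck does not specify one; the sample reports are constructed.

```python
"""Tolerant parser for a constructed anti-malware scan-report format.

Assumed format (invented for this example): one line per scanned file,
'<path>: clean' or '<path>: infected (<cleaned|deleted|failed>)',
followed by a trailer line 'SCAN COMPLETE'. A report without the trailer
is treated as truncated, which the deck lists as a real-world difficulty.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<path>\S+): (?P<verdict>clean|infected)"
    r"(?: \((?P<action>cleaned|deleted|failed)\))?$"
)
TRAILER = "SCAN COMPLETE"


@dataclass
class ParsedReport:
    verdicts: Dict[str, str] = field(default_factory=dict)  # path -> clean/infected
    actions: Dict[str, str] = field(default_factory=dict)   # path -> cleaned/deleted/failed
    complete: bool = False                                  # trailer seen?
    malformed: List[str] = field(default_factory=list)      # lines kept as evidence


def parse_report(text: str) -> ParsedReport:
    """Parse as much as possible; never raise on a truncated or garbled report."""
    rep = ParsedReport()
    for line in text.splitlines():
        if not line.strip():
            continue
        if line == TRAILER:
            rep.complete = True
            continue
        m = LINE_RE.match(line)
        if not m:
            # A cut-off last line lands here; keep it so the run can be flagged.
            rep.malformed.append(line)
            continue
        rep.verdicts[m["path"]] = m["verdict"]
        if m["action"]:
            rep.actions[m["path"]] = m["action"]
    return rep


def summarize(rep: ParsedReport) -> Dict[str, object]:
    """Count outcomes; an infected file with no recorded action counts as failed."""
    s = {"scanned": len(rep.verdicts), "infected": 0,
         "cleaned": 0, "deleted": 0, "failed": 0,
         "complete": rep.complete, "malformed": len(rep.malformed)}
    for path, verdict in rep.verdicts.items():
        if verdict == "infected":
            s["infected"] += 1
            s[rep.actions.get(path, "failed")] += 1
    return s


# Constructed sample reports (paths and file names are made up).
SAMPLE_OK = r"""C:\samples\sample01.bin: infected (deleted)
C:\samples\notepad_copy.exe: clean
C:\samples\sample02.bin: infected (cleaned)
SCAN COMPLETE
"""

SAMPLE_TRUNCATED = r"""C:\samples\sample01.bin: infected (deleted)
C:\samples\notepad_copy.exe: clean
C:\samples\samp"""


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("truncated", SAMPLE_TRUNCATED)):
        print(name, summarize(parse_report(text)))
```

In a harness the `complete` and `malformed` fields are what decide whether a run is recorded as a product result or as a functionality/stability failure to be retried, so that a truncated report never silently lowers a product's detection score.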