vb_2002_presentation

Retrospective Testing - How Good Heuristics Really Work
Andreas Marx, amarx@gega-it.de
AV-Test.org, University of Magdeburg, GEGA IT-Solutions GbR

Retrospective Testing I
What it is:
- Use an old (archived) version of an anti-virus program...
- ...and test it against the most current viruses (that were not known at the date of the last product update)...
- ...to find out how well the heuristic and generic detection of an AV program really works
- Better than using VCKs or self-written viruses!
Retrospective Testing II
- The main criticism from AV researchers: such a test shows only something about the past, but nothing about the future
- But that's wrong! (Why did we learn history at school?)
- Therefore, we should learn from the past (good and bad points) to make improvements in the future

Retrospective Testing III
What can be compared?
- Sure... detection scores for different types of malware (ITW and Zoo), but also:
- Speed differences, database sizes (updates), number of virus signatures (what the program claims to detect), false positives, disinfection rates, scores of archived and compressed files, relations between these values, etc.
Retrospective Testing IV
Our test methodology:
- We have compared 20 different engines (not products) for a period of more than one year now
- We have collected all updates bi-weekly
- But I don't want to overwhelm you with all 75,000+ single entries in the XLS sheet, so I've picked out only a few interesting issues from 15 different products
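An added example, not part of the original slides: one way to score a retrospective test so that only samples first seen after an archived engine's last update count toward its heuristic/generic detection rate, split by ITW and Zoo. The engine names, sample ids, dates and scan results are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample set: id -> (malware type, date first seen).
SAMPLES = {
    "s1": ("ITW", date(2002, 3, 1)),
    "s2": ("ITW", date(2002, 5, 10)),
    "s3": ("Zoo", date(2002, 5, 20)),
    "s4": ("Zoo", date(2002, 6, 2)),
    "s5": ("ITW", date(2002, 6, 15)),
}

# Constructed scan results for archived engine builds:
# engine -> (date of last update in the archive, ids it flagged).
ARCHIVED_SCANS = {
    "engine_a": (date(2002, 4, 1), {"s1", "s2", "s4"}),
    "engine_b": (date(2002, 6, 1), {"s1", "s2", "s3", "s5"}),
}

def retrospective_scores(samples, scans):
    """Per engine and malware type, return (detected, total), counting
    only samples first seen after that engine's last update."""
    scores = {}
    for engine, (frozen_on, flagged) in scans.items():
        per_type = defaultdict(lambda: [0, 0])
        for sid, (mtype, first_seen) in samples.items():
            if first_seen <= frozen_on:
                # May already have a signature: says nothing about heuristics.
                continue
            per_type[mtype][1] += 1
            if sid in flagged:
                per_type[mtype][0] += 1
        scores[engine] = {t: tuple(v) for t, v in per_type.items()}
    return scores

def naive_rate(samples, scans, engine):
    """Detection rate over all samples, ignoring the update date."""
    return len(scans[engine][1] & samples.keys()) / len(samples)

def rate(score):
    """Detection rate for one (detected, total) pair; None if no samples."""
    detected, total = score
    return detected / total if total else None

if __name__ == "__main__":
    for engine, by_type in retrospective_scores(SAMPLES, ARCHIVED_SCANS).items():
        print(engine, "naive:", naive_rate(SAMPLES, ARCHIVED_SCANS, engine),
              "retrospective:", {t: rate(s) for t, s in by_type.items()})
```

On this constructed data, engine_b looks strong when every sample is counted, but most of its hits are on samples that predate its last update.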

Virus Signature Database I
- Let's start with virus signature databases.

This note was uploaded on 01/17/2012 for the course PPE 253 taught by Professor Mellers during the Fall '11 term at UPenn.
