Presentation is loading. Please wait.

Presentation is loading. Please wait.

EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd.

Published bySamson Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd."— Presentation transcript:

1 EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd. fleitold@veszprog.hu www.checkvir.com

2 EICAR 2009, 12 May 2009 Contents Purpose of Checkvir testing Testing methodology –Technical background –Testing procedures Current state Difficulties Questions

3 EICAR 2009, 12 May 2009 Purpose of Checkvir testing AVG1,7 ESET2,6 F-PROT1,2 F-Secure5 Kaspersky23,2 McAfee35,4 Panda44,7 Sophos5,4 Sunbelt0,6 Symantec233,4 VirusBuster1 source: AV-Test.org Number of updates / day Problems: Big number of updates Cloud technology Solutions are continually changing Testing all versions are impossible

4 EICAR 2009, 12 May 2009 Purpose of Checkvir testing Testing all versions are impossible Executes tests as frequently as possible Automatic methods have to be developed Big number of computers have to be used

5 EICAR 2009, 12 May 2009 Purpose of Checkvir testing The main purposes: Provide reliable, correct and exact information mainly about: - effectiveness - performance in a balanced way (AMTSO’s principle) Provide naming cross-reference information performanceeffectiveness

6 EICAR 2009, 12 May 2009 Pack and save the new image AV update Unpack previous image Publish results Unpack last image New version? Initialize testing Execute test(s) Save results and reports Analyze results yes nono Testing methodology updatetest

7 EICAR 2009, 12 May 2009 Testing methodology Technical background clients “malware proxy” server webserver controller archiver firewall firewall & router

8 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Malware knowledge (detection, disinfection) –against known, unknown malware and clean files –on-demand, on-access and proactive executions “Container” checking capabilities –archives, email clients’ data files, … Speed –on-demand, on-access –boot time Functionality Stability … speedknowledge

9 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Why the speed is so important?

10 EICAR 2009, 12 May 2009 Testing methodology Testing procedures

11 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Testing bootup time What is more important? BOOTUP TIME or SECURE BOOTING DEMO

12 EICAR 2009, 12 May 2009 Testing methodology Testing procedures

13 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Avast AVG Avira Bitdefender Eset e-Trust F-Prot F-Secure Fortinet Ikarus Kaspersky Microsoft Rising Sophos Symantec Trend Micro VirusBuster Bootup protection test

14 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Avast AVG Avira Bitdefender Eset e-Trust F-Prot F-Secure Fortinet Ikarus Kaspersky Microsoft Rising Sophos Symantec Trend Micro VirusBuster Bootup protection test

15 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Avast AVG Avira Bitdefender Eset e-Trust F-Prot F-Secure Fortinet Ikarus Kaspersky Microsoft Rising Sophos Symantec Trend Micro VirusBuster Bootup protection test

16 EICAR 2009, 12 May 2009 Testing methodology Testing procedures Avast AVG Avira Bitdefender Eset e-Trust F-Prot F-Secure Fortinet Ikarus Kaspersky Microsoft Rising Sophos Symantec Trend Micro VirusBuster Bootup protection test

17 EICAR 2009, 12 May 2009 Testing methodology Proactive tests vs. AM cloud technology Problems: AM products use cloud technology –> traffic should be allowed Malware use cloud technology –> traffic should be allowed –> How can we protect the world? –> How can we provide exactly the same environment for solutions?

18 EICAR 2009, 12 May 2009 Testing methodology Proactive tests vs. AM cloud technology clients “malware proxy” server webserver controller archiver firewall firewall & router

19 EICAR 2009, 12 May 2009 Testing methodology Settings By default, DEFAULT settings are used Minimal functionality is required: –Execute tests without user interaction –Automatically clean the infected file (if not possible -> delete) –Report file generation

20 EICAR 2009, 12 May 2009 Current state What is working now? The frame system The website Automatic procedures of some products Preliminary selection and validation of the samples

21 EICAR 2009, 12 May 2009 Current state

22 EICAR 2009, 12 May 2009 Current state

23 EICAR 2009, 12 May 2009 Current state

24 EICAR 2009, 12 May 2009 Difficulties Viewpoint of the average user Automatic methods Testing environment Funcionality problems –Truncate report file Stability problems

25 EICAR 2009, 12 May 2009 Questions

Download ppt "EICAR 2009, 12 May 2009 Checkvir Realtime Anti-Malware Testing and Certification Dr. Ferenc Leitold, Veszprog Ltd."

Similar presentations

Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.

Solutions for businesses. Keep It Secure Contents Protection objectives Network secured Supplementary products Unique.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.

Microsoft Security Solutions A Great New Way of Making $$$ !!! Jimmy Tan Platform Strategy Manager Microsoft Singapore.
Warren Toomey North Coast TAFE Port Macquarie campus

Warren Toomey North Coast TAFE Port Macquarie campus
AVG Internet Security 7.5 Product presentation.

AVG Internet Security 7.5 Product presentation.
1 Panda GateDefender Performa Your First Line of Defense Product Presentation Name 2008.

1 Panda GateDefender Performa Your First Line of Defense Product Presentation Name 2008.
Kaspersky Labs 6 ht Annual Partner Conference · Turkey, June 2-6 2004 Kaspersky Labs 6 th Annual Partner Conference · Turkey, 2-6 June 2004 VII Kaspersky.

Kaspersky Labs 6 ht Annual Partner Conference · Turkey, June Kaspersky Labs 6 th Annual Partner Conference · Turkey, 2-6 June 2004 VII Kaspersky.
By Joshua T. I. Towers. 13.3 $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.

By Joshua T. I. Towers $13.3 billion was the direct cost of malware for business in 2006 “direct costs are defined as labor costs to analyze, repair.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Samir Mody (Sophos/K7Computing) Igor Muttik (McAfee) Peter Ferrie (Microsoft)

Samir Mody (Sophos/K7Computing) Igor Muttik (McAfee) Peter Ferrie (Microsoft)
LittleOrange Internet Security an Endpoint Security Appliance.

LittleOrange Internet Security an Endpoint Security Appliance.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
INTRODUCTION. We are a company dealing with software products and solutions. Established in 1996. Offering Network Security Data Protection and Cloud.

INTRODUCTION. We are a company dealing with software products and solutions. Established in Offering Network Security Data Protection and Cloud.
Jayesh Mowjee Security Consultant Microsoft Session Code: SIA203.

Jayesh Mowjee Security Consultant Microsoft Session Code: SIA203.
TrustPort Net Gateway Email traffic protection. WWW.TRUSTPORT.COM Keep It Secure Entry point protection –Clear separation of the risky internet and secured.

TrustPort Net Gateway traffic protection. Keep It Secure Entry point protection –Clear separation of the risky internet and secured.
Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.

Customized solutions. Keep It Secure Contents  Protection objectives  Endpoint and server software  Protection.
Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.

Project By Ben Woodard ISC 110 Professor: Dr. Elaine Wenderholm.
Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.

Towards Extending the Antivirus Capability to Scan Network Traffic Mohammed I. Al-Saleh Jordan University of Science and Technology.
1 E LECTRICAL E NGINEERING AND C OMPUTER S CIENCES U NIVERSITY OF C ALIFORNIA Berkeley Combating Stealth Malware and Botnets in Higher Education Educause.

1 E LECTRICAL E NGINEERING AND C OMPUTER S CIENCES U NIVERSITY OF C ALIFORNIA Berkeley Combating Stealth Malware and Botnets in Higher Education Educause.
KASPERSKY SECURITY FOR STORAGE Product Launch Presentation Global B2B Product Marketing Teams.

KASPERSKY SECURITY FOR STORAGE Product Launch Presentation Global B2B Product Marketing Teams.

Similar presentations

Ads by Google