Each repository will tell you what you are downloading, but for testing purposes you need to create a lab for yourself. No one other than yourself has the software, the configuration, or the knowledge of how you do business. That is why, when downloading patches and AV, large corporations and government agencies will first download the software to their internal labs, where they have different computers set up with the different environments for testing. After rigorous testing, for a period of time, if all goes well, then the patches and AV are distributed to the working environment. I would not want to be the one to send something out to the working environment without first testing it and wind up bringing down, say, a major SQL database. I know this is not the answer you wanted, but it is the right answer.
From where can these virus definitions be downloaded?
Well, virus definitions are downloaded from the AV servers, or should I say the makers of the anti-virus you have installed on your network/computer.
Here are some tips from a SANS “OUCH” article on anti-malware choices & testing:
“- Get some good bets by reading comparative reviews of competing products published by third parties, such as PCWorld, Consumer Reports, and MacWorld.
- Hedge your bet by opting for a trial version, if available, and one that you can upgrade to a full subscription without reinstalling.
- Weigh effectiveness, performance, features, support and, lastly, price - at most a difference of $30/year.
- Verify that the product includes anti-virus, anti-spyware, anti-phishing, anti-spam, a two-way software firewall, and automatic online updating.
- Performance and effectiveness are judged best by the results of professional testing, like those performed by AV-test.org and http://www.av-comparatives.org.”
Some other things to consider are applicability to your industry and usability. And please remember that AV solutions are only a part of the multi-tiered security solution that you should have protecting your business.
Hope this helps!
“K”
How do we ensure that we have all types of virus definitions?
Just like the “EICAR” file? Are there any other test files available?
Can we define a virus for testing?
Most discussion here is losing sight of my original question:
How to ensure that our AV software can handle the latest virus definitions.
I am testing an AV named, say, “ABC”.
There is another reputed AV, say XYZ. A virus called, say, “XX”, which is detected by XYZ, may be passed undetected by ABC. How will we test AV ABC for various definitions? My understanding is that virus definitions are available when an AV is updated from the AV server.
While testing, how do I get affected files/data to test these definitions?
How do I ensure the reliability of the file/data I am using for testing?
If you didn’t find the information at http://www.av-test.org or http://www.av-comparatives.org on the “blacklisting” products, maybe “whitelisting” is the way you should go. Where blacklisting searches your system for known malware and then eliminates the known bad program, whitelisting continuously searches your network for authorized programs and eliminates anything else. http://www.Lumension.com is a good place to start.
P.S. Another good site to find out more on “Common Vulnerabilities and Exposures (CVE)” is http://cve.mitre.org
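
The blacklisting versus whitelisting contrast in the reply above, as an added example that is not part of the original thread and not any vendor's code. It assumes exact SHA-256 matching as a stand-in for signatures and uses constructed, harmless byte strings as the sample "files"; all names are hypothetical.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for program files.
SAMPLES = {
    "approved_app": b"payroll-app v1.0",
    "updated_app": b"payroll-app v1.1",  # legitimate update, not yet approved
    "known_bad": b"sample the vendor already has a signature for",
    "unknown_bad": b"sample no vendor has a signature for yet",
}

# Blacklist: what the latest definition update delivered (known bad only).
BLOCKLIST = {sha256(SAMPLES["known_bad"])}
# Whitelist: what the administrator has explicitly authorized.
ALLOWLIST = {sha256(SAMPLES["approved_app"])}


def blacklist_allows(data: bytes) -> bool:
    """Default-allow: anything not known to be bad may run."""
    return sha256(data) not in BLOCKLIST


def whitelist_allows(data: bytes) -> bool:
    """Default-deny: only explicitly authorized programs may run."""
    return sha256(data) in ALLOWLIST


def compare(samples: dict) -> dict:
    """Return {name: (blacklist_allows, whitelist_allows)} for each sample."""
    return {n: (blacklist_allows(d), whitelist_allows(d)) for n, d in samples.items()}


if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:13} blacklist={'allow' if bl else 'block'} "
              f"whitelist={'allow' if wl else 'block'}")
```

The `unknown_bad` row is the definition gap the question asks about: a blacklist only stops what its definitions already contain. The `updated_app` row is the cost of whitelisting, since every legitimate change has to be approved before it runs.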