Four Fs of anti-malware testing: A practical approach to testing endpoint security products

This paper presents a practical approach to testing anti-malware products, focusing on the following four areas: 1. Defining the scope of the test, 2. Interpreting the test results, 3. Methods of data collection and 4. Managing the financial costs of a test. I will also note a number of common mistakes that testers make and explore some of the technical and non-technical challenges that testers face, including attacks on test methodologies by the anti-malware industry and other third-parties. While the principles discussed apply to many types of anti-malware testing, on different platforms, this paper addresses specific issues relating to testing anti-malware products that run on x86/64 platforms and exposing them to `live´ malware threats that actively attack systems on the internet at the same time.