How to Assess the Effectiveness of your Anti-virus?

I will present an approach intended to support the choice of an anti-virus product and to make that choice easier and better informed. Among the qualities one can expect from an anti-virus product, the ones classically cited are optimal use of system resources and the reactivity of the vendor, particularly concerning updates of the viral signature base. While these requirements are significant, further methodical and technical verifications may be required before an individual or a company can make their choice. In the Common Criteria evaluation scheme, a protection profile is proposed to help a software manufacturer design a product that can then be evaluated by an independent security evaluation laboratory. Protection profiles are written in accordance with the Common Criteria standard. Starting from a protection profile, we list some tests that could be carried out to validate the security requirements of an anti-virus product. Both the use of a protection profile and the specification of tests appear to be a valuable basis for measuring the confidence that can be granted to an anti-virus product.
