It’s reasonable to assume that the Epsilon fiasco will lead to an epidemic: at any rate, luminaries such as Brian Krebs and Randy Abrams are making that assumption, and publishing some excellent proactive advice accordingly. So rather than go over the same ground, I’ll just cite some of the more useful blog posts around that.
They say there’s no such thing as bad publicity, though quite who ‘they’ are, and why ‘they’ would make such a clearly daft statement is beyond me. It seems that AMTSO has had it’s fair share of bad publicity recently – a further example is the piece by Ed Moyle over on his blog at http://www.securitycurve.com/wordpress/archives/1773. It’s a long article, but it does show that Ed clearly doesn’t understand (or doesn’t want to accept) what AMTSO is trying to do – maybe that does just mean that AMTSO needs a better PR representation. Anyway, once again Kurt Wismer (or perhaps I should adopt his anti capitalist rendering and use kurt wismer) has provided some excellent analysis of Ed’s piece over on his blog at http://anti-virus-rants.blogspot.com/2010/07/i-see-standards-organization.html
There’s little more that really needs to be said from my perspective. For the record, I personally agree with Kurt (just can’t seem to get my head around the ‘kurt’ thing), in his analysis of the NSS report done by AMTSO – which seems to be at the root of this whole anti AMTSO campaign. The central point is that NSS did a good job, and came very close to the ideal – (if you haven’t read the review, then it’s here). It’s unfortunate that that has been taken as a negative thing or a slight against them to say that they did not fully meet the ideal standard set by AMTSO – it was still far better than many other tests, and I have every hope that people are sensible enough to recognise that. It’s hard for me to see quite how Ed jumps from that report to an accusation that AMTSO is ‘Slapping the labs’ – an argument even harder to see when a lab like Dennis Technology Lab (who have very similar methodology to NSS) voluntarily submitted their own test for the AMTSO review process (see the report here).
If there’s one thing we can learn from this, it’s that it does seem that there’s a double standard here – testers can criticise AV vendors with impunity in their reviews and tests of AV products, but when someone tries to apply that same process and rigour to the tests done by those testers, that is somehow anathema. Personally, I think that’s shoddy thinking, and I have no doubt that AMTSO will continue to strive, as it has done from inception, to provide the public with an insight into tests, and to support good testing practice (and incidentally point out less than ideal practice where needed).
It sometimes seems like I’ve spent the last twenty years trying to persuade Mac users that using a system named after a fruit doesn’t mean that there are no snakes in Eden or that angels will protect you from all harm.
Not, perhaps, completely in vain, but apparently many of the old Mac evangelist mindsets continue to prevail, irrespective of the true nature of the threatscape. (Macs don’t get viruses, Trojans don’t matter, there are no Mac vulnerabilities and if there were they’d be fixed immediately, social engineering is irrelevant, Microsoft Bad/Apple Good, blah….) There is a polite but nonetheless naive article that more than hints at this mindset here: