Platinum Product Test Report Kaspersky Lab Anti ... - West Coast Labs

More documents

Recommendations

Info

Kaspersky Lab Product Performance Validation Testing & Certification Malware Test Suites Malware in Real Time Testing In Real Time testing and the Checkmark Platinum Product Award programme, both new and older malware still circulating (providing that it has been received in the recent past) are used, being tested within a few minutes of their arrival at WCL. Malware is transmitted through the appropriate attack vectors in which they are received – FTP, HTTP, SMTP, Mal URL or P2P. Malware in Checkmark Baseline Testing WCL’s static Checkmark malware certifications normally use both Real Time samples and also slightly older malware, sometimes derived from sources such as the Wildlist but usually being malware that was received in recent months and chosen from the most prevalent receipts. Malware in Custom Testing For a custom test larger quantities of malware are used, including some older malware to verify that the users are still protected against historical samples, and showing no bias in favour of or against any particular product under test, including any regional bias (unless the terms of the test so require). It is necessary to have a balance of malware from around the world because a predominance of malware obtained in one area of the world will discriminate against those companies with less exposure to that market. This is ensured through WCL’s corporate network research plus receipts from WCL’s honeypot and honeyclient networks across the globe. Page 34 of 40
Kaspersky Lab Product Performance Validation Testing & Certification Malware Test Suites With so much new malware appearing each day, it is necessary to concentrate on that malware that is most frequently found (or prevalent), and that attacks via the methods protected by the system under test; it is, for example, pointless sending “drive-by” malware through an email security product - it would never normally be spread by email and so the product will never be expected to deal with it. It is also important to make certain that the malware used reflects what users are genuinely seeing. Older malware endures in the real world for years after its appearance, and products must therefore maintain defences against it. It is tempting to reduce system overheads by removing older definitions, but this must not be done if the user is then left at risk. All WCL’s static collections therefore include an element of malware that is not new but that is still bombarding honeypots and users’ systems, to confirm that protection against it is still effective. There are many sorts of malware, including (though not exclusively) viruses of a number of types, worms (spreading both by email and across networks), bots, downloaders, backdoors, Trojans and keyloggers. The Checkmark certifications divide them into three large groups, Trojans, Spyware and Viruses. Real Time testing covers any malware using the diffusion methods under test, and a custom test will include whatever may be required by the specifications of the test. The collation of West Coast Labs’ test suites also includes a number of processes ensuring that samples used are viable, valid and appropriate – any samples found to be unusable are discarded unless there is a specific reason for them being in the test suite, for example, testing against samples reported as corrupted. Page 35 of 40
Page 1 and 2: TEST REPORT December 2010 Kaspersky
Page 3 and 4: Kaspersky Lab Product Performance V
Page 33: Kaspersky Lab Product Performance V

Platinum Product Test Report Kaspersky Lab Anti ... - West Coast Labs

Create successful ePaper yourself

Delete template?

Save as template?