Anti-malware Testing Undercover

Thursday 6 October 11:00 - 11:30, Red room

Righard Zwienenberg (ESET)
Luis Corrons (Panda Security)

(This VB2016 reserve paper will be presented Friday 7 October at 14:00 in the Small Talks room unless otherwise required on the main programme)

In this talk we will cover four different topics related to anti-malware testing:

  1. How tests influence anti-malware development: It is normal, even desirable, for testing to influence the development of security solutions in such a way that they can improve (protection, performance, usability, etc.). However this is not always the case, and we'll describe different real scenarios where vendors have been 'forced' to develop certain characteristics in their software in order to please testers, or at least to obtain good results in tests even though that development did not improve anything from the final user's point of view.
  2. How anti-malware vendors influence tests: What have vendors done and what do vendors currently do in order to influence testers? What is behind this lobby pressure? In this section we will illustrate real cases showing what testers have to face in order to maintain their objectivity.
  3. Cheating: We'll cover anti-malware test cheating since the beginning of time, showing all kinds of different cheating from vendors, testers and publishers.
  4. Cloud: Cloud technologies have been a game changer for most vendors, amplifying their protection capabilities and improving their response times. Testers have faced challenges in order to properly test anti-malware solutions with cloud capabilities. However, we will talk about a different issue: cloud adoption has narrowed the line of what is and isn't cheating, and testers may not be aware of all the information that vendors can have about their tests in real time, cheating becoming something that depends on the good faith of each vendor. We'll cover the main risk scenarios where cloud technology is involved.

Click here for more details about the conference.


Luis Corrons

Luis Corrons has been working in the security industry for more than 17 years, specifically in the anti-virus field. He is Technical Director at PandaLabsPanda Security's malware research lab. Luis is a WildList reporter, member of the Board of Directors of AMTSO (the Anti-Malware Testing Standards Organization) and a member of the Board of Directors of MUTE (Malicious URLs Tracking and Exchange). He is also a top rated industry speaker at events like Virus Bulletin, HackInTheBox, APWG, Security BSides, etc. Luis also serves as liaison between Panda Security and law enforcement agencies, and has helped in a number of cybercriminal investigations.




Righard Zwienenberg

Zwienenberg started dealing with computer viruses in 1988 after encountering the first virus problems at the Technical University of Delft. His interest thus kindled, Zwienenberg has studied virus behaviour and presented solutions and detection schemes ever since. Initially, he started as an independent consultant, in 1991 he co-founded CSE Ltd, where he was Research and Development Manager. In October 1995, Zwienenberg left CSE and one month later he started at the research and development department of ThunderBYTE. In 1998, Norman Data Defense Systems acquired ESaSS and Zwienenberg joined the Norman Development team to work on the scanner engine. In 2005, Zwienenberg took the role of Chief Research Officer at Norman. After AMTSO – the Anti Malware Testing Standards Organization – was formed, Zwienenberg was chosen as its president. He serves as a Vice President of AVAR and on the Technical Overview Board of the WildList. Zwienenberg left Norman in 2011 looking for new opportunities and started as a senior research fellow at ESET, spol. s r.o.  In April 2012, Zwienenberg stepped down from the role of President of AMTSO to take on the role as CTO. He also started serving on the executive committee of IEEE ICSG. In April 2015, Zwienenberg returned to the role of President of AMTSO.

Zwienenberg has been a member of CARO since late 1991. He is a frequent speaker at conferences – among these Virus Bulletin, EICAR, AVAR, RSA, InfoSec, SANS, CFET, ISOI, SANS Security Summits, IP Expo, Government Symposia, SCADA seminars, etc. and general security seminars. His interests are not limited to malicious code but have broadened to include general security issues and encryption technologies over the past years. His hobbies include but are not limited to being a Trekkie, playing the drums, magic and illusions, and balloon modelling.



We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.