Hallelujah! A Standard for Anti-Spyware Testing

As discussed in Friday's post about StopBadware.org, I believe that building and maintaining a database of known "badware" is important. The missing piece of StopBadware.org is a way to caution users before they do something stupid like download a known bad application.

Another way to prevent the spread of spyware is to make sure that anti-spyware products use common terminology and meet a lowest common denominator level of effectiveness. I'm reasonably excited about an initiative announced this morning by McAfee, Symantec, Trend Micro, ICSA Labs, and Thompson Cyber Security Labs (who?).

A clip from the press release really underscores the need for this type of activity:

When publishing results and product recommendations, few product testers currently document their test samples or methodology, and many use very small sample sets in their testing environments. As a result, there is no distinguishable benchmark for comparison of anti-spyware product vendors, leaving customers unclear as to the most effective products and solutions for their environments.

This is exactly right. The industry needs a benchmark to define this moving target called anti-spyware. ICSA Labs' involvement means it may actually get done. Having worked at TruSecure, I am very familiar with the capabilities of ICSA Labs (since TruSecure, now CyberTrust, owns them). This is a significant opportunity for ICSA Labs, which has not really had another "hit" in terms of a program that users deemed a requirement for their vendors to be tested since the AV and firewall programs launched years ago. Of course, my friend George Japak (who runs the Labs) may disagree, but it is what it is.

Given the confusion around what anti-spyware is and what it isn't and whether it makes more sense to stop it at the perimeter (via a gateway appliance) or on the client or both, having a common, agreed upon testing methodology will help. ICSA Labs has built certification programs for every significant security market, so they get how to standardize the terminology and put in place a structured, repeatable process to ensure the anti-spyware products remain effective in the face of rapidly evolving threats. It won't be long before ICSA Labs rolls out a formal certification program, so that vendors can prove they meet an acceptable level of effectiveness. This will be a big positive for everyone.

Since Microsoft is giving away their anti-spyware solution, it will be interesting to see how they fare relative to the testing methodology. Microsoft is also conspicuous by their absence in this initiative. That also begs the question about Webroot, Blue Coat and Sunbelt Software. These folks (among others) should have a hand in this as well. Hopefully this is not a transparent attempt by ICSA and their anti-virus buddies to try to protect their turf. Like any of them can really stop Microsoft. Alternatively, this could be another example of Microsoft's arrogance in not thinking they have to play in the sandbox with the rest of the industry. Ultimately, this initiative must get broader industry support to have a chance of sticking. 

As with everything, there are lots of things that can go wrong, but in the meantime users should enjoy the good news today. Help is on the way to ease some of the confusion around anti-spyware defenses.