11/11/04 21:34:41.55
Warning from the official VT site
URL link (www.virustotal.com)
Why using VirusTotal for antivirus testing is a bad idea?
Hispasec is rather tired of repeating that VirusTotal was not designed as a tool to perform AV comparative analyses,
but as a tool that checks suspicious samples with several AV programs and helps AV labs by forwarding them the malware they failed to detect.
Those who use VirusTotal to perform AV comparative analyses should know that they are making many implicit errors in the methodology, the most obvious being:
・VirusTotal AV engines are commandline versions,
so depending on the product, they will not behave exactly the same as the desktop versions:
for instance, desktop solutions may use techniques based on behavioral analysis
and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
・In VirusTotal, desktop-oriented solutions coexist with perimeter-oriented solutions;
heuristics in this latter group may be more aggressive and paranoid,
since the impact of false positives is less visible in the perimeter.
It is simply not fair to compare both groups.
These are just two examples illustrating why using VirusTotal for antivirus testing is a bad idea;
you can read more about this issue in our blog*1. The Prevx team also made an entry in its blog*2 discussing the matter.
*1 URL link (blog.hispasec.com)
*2 URL link (www.prevx.com)