One of the truly remarkable characteristics of the Anti-Malware industry is its willingness to share information among competitors. While we all compete economically, we are united in the effort against our real competition - the bad guys. One of the great facilitators in this sharing has been the IEEE Industry Connections Security Group. This group, made up of players from across the AM space, has focused on areas of common pain. The belief is that there are certain ancillary tasks that each of us must perform, and that these tasks consume resources that could be better used fighting the fight.
A major contribution of this group is the Anti-Malware Support Services (AMSS). AMSS has focused on the common problem of false positives (FP). The Taggant system allows us to identify the common user creating packed (or commercially obfuscated) programs. Packed files have long been an FP concern, since so much malware is packed and packed files have a tendency to trip static heuristics. The other area of AMSS is the Clean-file Metadata eXchange (CMX). CMX allows legitimate software companies and organizations to publish metadata about their files before they are actually released, so that cloud-based FP mitigation technologies can pre-position this data even before the first customer sees the file.
This talk will cover a little bit of history, report on the current state of things, and discuss where we might go in the future.