Approach_Note_for_Anti_Virus_application_testing_in_Mobiles

8/7/2019 Approach_Note_for_Anti_Virus_application_testing_in_Mobiles

1/12


2/12

This document is structured as follows:

Introduction to AntiVirus

How AntiVirus works

Testing Antivirus

Test Specification Development Approach Test Environment

Testing across various releases

Various time estimates

References

Acronyms

Acronyms Definition

GSM Global System for Mobile Communications

GPRS General Packet Radio Service

IOT Interoperability tests

PSTN Public Switched Telephone NetworkRAS Remote Access Server

PPG Push Proxy Gateway


3/12

2 Introduction to ANTIVIRUS

2.1 What is Virus?

Virus is a program or programming code that replicates by being copied or

initiating its copying to another program, computer boot sector or document.

The following are the three main types of virus

Boot Sector Virus: This is the first sector in the hard disk or internal

drive. The boot sector is referred to every time the device is poweredon, and hence it is a vulnerable place for Virus attacks.

Macro Virus: This is a most common virus. This virus spreads throughemails, Internet downloads etc.

File Infecting Virus: This virus infects the executable files loading intothe memory when executed. This is the most interesting virus found

on mobile phones, in addition to worms and Trojan horses.

Virus in Mobiles

Virus in mobiles have been a new phenomenon but are increasingly becominga reality due to the large number of features and complexity of the software.

Virus in mobiles work pretty much the same way as in desktops from the user

perspective though the way in which they are transmitted differs greatly.In desktops, the major source of virus transmission is through mails and web

sites. (network access). For mobiles, in addition to this, the most important

modes of virus transmission will be other interfaces like Bluetooth andInfrared.

The ultimate result of a virus will still be the same i.e. to corrupt user dataand system data and in a lot of cases render the system unusable. This is a

worrying factor in mobiles considering that the core applications in mostmobiles are written by different vendors increasing the possibility of

weaknesses to be exploited.

2.2 What is AntiVirus?

Anti-Virus is software that is designed to detect the viruses present in the device

and remove them without causing any damage to the device.

3 How AntiVirus Works

The main component of the antivirus software is the Scanning Engine.


4/12

This engine should be capable of performing the various scanning methods inorder to check for the virus present in the device. Some of the most common

scanning methods are mentioned below.

1. Identifying the various virus-laden files using the virus signatures defined bythe scan engine

2. Since finding all the virus files using virus signatures is difficult, especially forthe new viruses, it should be possible to flag the suspicious data structures orstrange behavior which might result in a virus. This helps in detecting the files

that might contain virus in them.

Once the virus is detected, proper action should be taken by the anti-virus

software to ensure that the device is not affected and that there is no data loss.

4 Testing AntiVirus

4.1. Functional tests

These tests should be done to ensure that the anti-virus software functions properlyin the device and all it's features work fine.

The major functionalities to be tested are:

a) Scanning Engine

The scanning Engine has to be tested to ensure that the device isscanned properly and that the various types of virus are detected and

proper action is taken.

This can be performed by importing some virus files into the deviceand then running the anti-virus software.

Once the scanning is done, the details of the scan like the number ofviruses detected, type of the viruses and the action performed details

can be shown to the user.

All the types of actions that can be performed on the detected virus

should be tested. This can be done using various types of virus datafiles like:

Files containing Virus that can be disinfectedautomatically

Files containing virus that might require specialdisinfection (In this case, the vendor should provide the

tools to be used to remove the virus).

Files containing virus that cannot be removed by the

anti-virus software


5/12

b) AntiVirus Software Updation

It should be possible to perform updation to the anti-virus software

present in the device and ensure that the latest virus signature filesare also added to it. This helps in checking the files present in the

device for the latest found viruses also.

c) Logs

Logs should be generated everytime a scan is performed so that theuser can keep a record of the various scans performed till that time.

System Tests

These tests should be performed to ensure that the device is stable while thevirus scan is running in the background and when following interrupts (for

example) occur in between.

Incoming/Outgoing Call Incoming/Outgoing Messages like SMS/EMS/MMS

Beaming Events IR and BT

Alarm events from various applications like Clock, Calendar,

Tasks etc.

Push Events SI and SL

Cell Broadcast Messages

Synchronization

Automatic Schedule updates

Active Browser session and downloading of various filesincluding virus files

Other type of active tests should also be done during System tests. Anexample would be sending a virus to the device via. MMS or E-mail as an

attachment or via IR/BT beaming and checking if the running anti-virusdetects it.

Interoperability tests

These tests ensure that the anti-virus software under test is compatible withthe various other applications present in the device.

Some of the applications with which the anti-virus software should be

compatible are:

1. Secure applications provided by various vendors like Symantec, F-Secure,PointSec etc

For example, the PointSec application can be used to encrypt and lock the

various files present in the device. The behavior of the device on trying toperform a scan while the PointSec application is active can tested.


6/12

2. Firewall applications: The anti-virus application should be compatible withthe Firewall software present in the device.

Virus detection can be done using the Firewalls also using the Detection

Intrusion feature where the firewalls scan for patterns of network traffic todetect Virus. The interoperability of the anti-virus application on trying to run

it while the firewall is already active can also be tested.

Release Checks

These include the basic checks to be performed on the Anti-Virus software

before it is going to be released into the market. This includes testing thebasic functionality with a very few and most common interrupts on it ensure

that the software is good and stable

5 Specification Development Approach

The test specification development phase involves the following activities.

Study of the specification documents

Preparation of Coverage Matrix

Test Specification Development

Test Data collection

5.1. Study of Specification documents

During this phase, the individuals involved in the test specificationdevelopment activity are supposed to go through the various documents like

requirements document, specification document, and Use Case documents toequip themselves with the necessary knowledge on various features in

antivirus to develop the necessary documents like coverage matrix, testspecification.

5.2. Preparation of Coverage Matrix

The aim of this document is to have a complete coverage of the features

mentioned in the specification document and the Use Case document if any.

The following types of test cases would be identified.

1. Positive test cases- These test cases test directly the positive functionalitymentioned in the specification document or in the UC document.

For e.g. Testing the various types of possible scan methods

2. Negative test cases Test Cases with invalid scenarios


7/12

For e.g. like trying to scan for a file which is not present in the device orwhich is not valid or trying to update the antivirus software using corrupted

virus signature files etc.

5.3. Test Specification Development

The test specification is a consolidated report that lists all the test cases for

testing the antivirus software.

It includes test cases to test the following features

The various functionalities of the antivirus software

Stability of the device while various interrupts occur while the antivirus

software is active (i.e. scan is running in the background)

Interoperability test cases

Negative scenarios

Every test case will be in the following structure.

Test Case ID This cell contains the test case ID in a specified format to

ensure that the test Case ID's are unique

Prerequisite This cell contains the prerequisites for testing.

Objective Objective of the test case to verify

Description Short description of what the test case actually does

Expected Output The expected output

Reference Reference for this scenario from the specification

documents or Use Case document

Comments Comments regarding this test case

Test Data The Virus test data files required to execute this test

scenario

5.4. Test Data Collection

This phase involves the collection of various virus data files required to test

the antivirus software. The types of data files that are required to test thevarious actions of the antivirus software are mentioned in Section 4.1.

These test data files may be supplied by the vendor during the testing. If not

then the test data has to be collected from the Internet.

6 Test Environment

Two types of test environment can be used to test the antivirus softwarebased on the development life cycle and the phases of the testing


8/12

6.1. Test Simulators

During the initial stages, the testing of the antivirus software can be done onPC based test simulator. All the test cases that deal with checking the

functionality of the antivirus software can be covered using the test simulator.

The tests here will be performed by importing the necessary virus data filesinto the test simulator and then running the antivirus software in it.

6.2. On device testing

The test cases related to system testing and those test scenarios that need

network support have to be tested on the device.

The test environment required for this testing is as follows:

Web Servers and Origin Servers are useful to test browser related interrupts

during the testing and also to download the virus data files into the devicewhile the scan is active.

The virus data files can be imported into the device either by downloading

them from the Web through various mechanisms like E-mail, MMS or bybeaming. Another alternative is to copy the virus data files to the Phone

memory or to the external memory using PC software.

With the help of anti-virus server it is possible to customize the testing ofantivirus update by having various types of virus signature files on the Anti-

Virus server


9/12

To test the automatic updation of anti-virus client software from the server,

the PPG is required in between. The antivirus client software will beautomatically updated with the latest virus signature files present in the

server using the Push technology.

Testing various releases of the software

7.1. Alpha tests

This testing comprises of the initial testing cycles that are performed once the

software is ready.

For the software releases that happen initially, only the functionality of thesoftware has to be checked. Most of this testing can be done using the PC

based simulators (Refer Section 6.1) since network support will not berequired to test the basic functionalities of the antivirus software.

If the software is found to be stable and most or all of it's functionalities are

met, the software goes for Beta Release testing.

7.2. Beta tests

The software is taken for Beta testing only if it passes the alpha criteria.This testing concentrates mainly on testing the stability of the device or the

system while using the antivirus software. This release is oriented moretowards the System testing.

These test have to be performed mostly on the device in order to execute thenetwork related interrupts like incoming call/messages, beaming events etc.

(Refer Section 6.2).This includes checking the interoperability of the software by executing

various IOT related test scenarios.

7.3. Candidate release tests

Candidate release software is like a preview of the final software.This testing is performed to ensure that the software is bug free and to find

any bugs present in the software before releasing it into the market.

The entire functionality of the software will be tested to ensure that the

software that is going for the final release is bug-free.

7.4. Release tests

These are the tests to be performed on the software that is ready to be

released into the market. (Refer Section 4.4 for more details).


10/12

Note: Regression testing will be performed during all the above mentionedtest cycles to ensure that the software works fine even after fixing the found

problems and on performing various changes to the existing software.

Test Cases Estimate

The possible number of test cases for each of the types of testing is asmentioned below:

S.No Test Cases Possible Scenarios Number of Tes

cases

1 Functional test cases

Software Installation

8

Testing the variousVirus scan techniques

Perform scan with

various options set

Updation of antivirus

software using variousmechanisms like

manual/automaticupdates

Logs

Checking all the types

of actions that can beperformed on the

virus found after scanis done

Software Upgrade

Software Uninstall

2 System test cases Performing scan with

various interrupts like:1.Incoming/Outgoing

Call2.Incoming/Outgoing

Messages likeSMS/EMS/MMS

3.Beaming Events IR and BT

4. Alarm events fromvarious applications

like Clock, Calendar,Tasks etc.

5.Push Events SIand SL

6.Cell Broadcast

Messages7.Synchronization

8.Automatic Schedule

updates9.Active Browser

15


11/12

session anddownloading of

various files includingvirus files

Performing scan whenthe Phone memory is

full and during lowbattery conditions

Negative testscenarios like:

1. Scanning corruptfiles

2. Try to scan for filesnot present in the

device3.Updation of Virus

Scan software usingcorrupted virus

signature files

3 IOT test cases

Check the

compatibility of theantivirus software

with othersoftwares/applications

present in the mobile

2

Perform automatic

virus scan update andautomatic email

update at the sametime

Note: This estimate has been prepared considering only the basic

functionalities of the antivirus software. The number of these test cases is

subject to change based on the features that are going to available in thesoftware that is to be tested.

Time Estimate

9.1. Test Specification Development

Phase Time (in man hours)Study 24

Coverage Matrix Development 24

Test Specification development 40

Test Data collection 32

Total time estimated for specification development = 120 man hours


12/12

Note: This estimate has been prepared considering only the basicfunctionalities of the antivirus software. The number of these test cases is

subject to change based on the features that are going to available in thesoftware that is to be tested. This might affect the time estimated for each of

the above mentioned phases.

9.2. Test Lab Setup

Time required to set up the servers and have the data files like various virussignature files in place in the anti-virus server = 40 man hours

Note: The feasibility of the lab set up for the antivirus server has to be

discussed yet. Based on that this time estimate is subject to change.

9.3. Testing

Testing Cycle Type of testing to beperformed

Time (in man hours)

Alpha Testing Functional 24

Beta Testing System testing along with

checking all thefunctionalities, and

Interoperability testing

40

Candidate Release Testing Complete testing including

Functional testsSystem tests

Interoperability tests

40

Final Release Release testing with some

basic checks on thesoftware

10

Total time estimated for testing across various cycles = 114 man hours

Note: This estimate is made considering on the basic and common features ofthe antivirus software and is subject to change.

Approach_Note_for_Anti_Virus_application_testing_in_Mobiles

Documents

Transcript of Approach_Note_for_Anti_Virus_application_testing_in_Mobiles