Reading the thread about "Hardest AVs to fool" quite closely... I had some questions of my own... What determines quality signatures? I am mostly talking about the signatures for specific types of malware (ie: not including heuristics and memory scanning)? I hear the AT ewido security suite uses very good signatures. How is this determined? Is there any way to grade the performance of each AV as far as quality signatures are concerned? Can testing be done to see the signature quality of an AV? I read of one thread at DSLR where Andreas Haak attemped this sort of test with hex edited samples. Is this reliable testing?