David Harley
davidharley copy 2
David Harley
Senior Research Fellow
Go to latest posts

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.


Cyberwar, cyberterrorism, cybersigh…(gosh, that's almost a palindrome…) However, if you get past the cyberbuzzwords, there are some interesting articles around at the moment. On the Infosecurity Magazine, there's an article called "Cyberterrorism: A look into the future", contributed by the (ISC)2 US Government Advisory Board Executive Writers Bureau. More thoughtful than you might expect from

No Mule’s Fool

After a few years in the security business, it's easy to get a bit too used to the background noise, and forget that not everyone is familiar with concepts like phishing (see Randy's recent blog at, or botnets ("whatever they are", as my brother said to me quite recently), or money mules. I've written

What a performance!

 We came across an interesting test report at Symantec commissioned a comparative performance test from Passmark. That is, a test measuring performance in terms of speed and resource usage rather than looking at detection rates. Not surprisingly, Symantec came out very well overall, and deserves congratulations for demonstrating how far it's gone in addressing

Botnets, Complacency and the UK Government

Gadi Evron drew my attention in an article for Dark Reading to a piece in IT Pro by Asavin Wattanajantra. The piece quotes Dr. Steve Marsh, of the UK's Cabinet Office (the Office of Cyber Security, to be precise) as saying that botnet operators are interested in money-generating attacks on the private sector, not causing

AVIEN blog: Absolute Elsewhere

Strangely enough, I'm actually encouraged to contribute to other blog pages, perhaps in the hope that I'll stop cluttering this page with rubbish about iPhones. Today I've finally remembered that I'm supposed to contribute regularly to the AVIEN blog page at You might find these a little lighter in tone than I tend to

Is There A Lawyer In The Lab?

Now that the end-of-year security conference season is winding down, we're able to start making available some of the presentations and papers that we've been building up in the past few months, but haven't been able to make publicly available ahead of the events for which they were written. We've already made available a slide

When is a worm not a worm?

Will No-One Rid Me Of This Turbulent Hacker Tool? ( I was kind of hoping to have moved on from the iPhone data stealing hacker tool by now. While I do think it's a significant development (see, there comes a point where the sheer volume of discussion of the subject gives it more importance

iPhone Hack Tool: a Postscript

Update: there's more information on the Windows 7 exploit mentioned below in a Register article at Update 2: I keep seeing references to this as a virus or worm. However, the code I've seen does not contain any self-replicative functionality. It's not even a Trojan, as such. Following an extract from one of my

iPhone/Privacy.A: a bit more info

In my previous blog on this topic (, I said that I didn't know if this hacking tool worked under Windows as well as OSX/Unix and Linux. I've subsequently exchanged email with Philippe Devallois at Intego, who tells me (thanks, Philippe!) that in principle, it will work fine with Windows. It's written in Python (as

Hacker tool exploits vulnerability in jailbroken iPhones

I don't really want to keep banging on about jailbroken iPhones when there are threats out there that affect many more people (though according to Intego, 6-8% of iPhones are, in fact, jailbroken, so I don't want to minimize the threat either). I'm quoting Intego because they've just blogged ( what I think is a

ikee iPhone iWorm iSource: iYukkkkk!!!!

Inevitably, the source code for the ikee worm I mentioned in a previous blog ( has crept back out from under its rock. It's probably equally inevitable that there'll be more script-kiddy attempts to produce variants and it will be easier for heavy-duty malware creators to produce new malware using similar techniques, if they're so-minded. If you

ThreatSense.Net: Fear and Loathing in the UK

I was asked about malware infection in the UK (especially with reference to Conficker), and(a) if the situation is really as bad as we, the AV vendors make out, and what the real infection rate is; and (b) whether government and ISPs etc could do more to help. You can now find a link here

iWorm ikee: Sex and Drugs and Rick and Roll

The iPhone, it seems, is under siege: a recent worm exploits a known (and previously exploited) vulnerability that affects the owners of "jailbroken" phones on which OpenSSH has been installed. (Jailbreaking allows iPhone users to install and use unapproved applications.) Of course, there's been an enormous amount of media coverage on this already (I've just

Tamper-Proof Anti-Malware

As I already mentioned briefly in a blog about our October Threat Trends Report, researchers Christopher and Samir came up with an interesting idea at the First International Workshop on Aggressive Alternative Computing and Security, held under the auspices of ESIEA Laval (École Supérieure d'Informatique, Electronique et Automatique). They took a handful of scanners (including NOD32),

October Global Threat Report

As usual, ESET has released its monthly Global Threat Trends Report, which will be available in due course at There are no surprises in the top five malicious programs, which have the same rankings as in the September report. Clearly, not enough people are taking our accumulated advice on reducing the risk from Conficker,

False Positives: A Round of Applause…

The anti-malware industry isn't a suitable environment for the thin-skinned. We get used to receiving "more kicks than ha'pence" (see In particular, I've grown accustomed to the fact that many people expect all the following from an AV product: Absolute Protection Absolute Convenience Absolutely no  False Positives Absolutely no charge False positives (FPs) are

Halloween: There’s Something Scary In Your Search Engine

We told you to watch out, didn't we? (see Randy's blog at But it's not just Michael Myers, zombies and vampires you need to watch out for. It's also Funny Halloween Costumes, Harvey Milk, Pumpkin Carving Stencils, candy, Pokemon, and McDonalds Monopoly online. Yes, the fake/rogue AV gang have started on their Halloween special,

Fake Anti-Malware: Blurring the Boundaries

It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about. (see However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware

Fake Windows Update

[Update: I notice that at about the same time that I posted this, Sophos also flagged a blog reporting a somewhat similar fake update for Microsoft Outlook/Outlook Express (KB910721). The message is a lot different and links to a different site pretending to be Microsoft’s update site, but is clearly not to be trusted. So the

Antivirus? Who Needs It?

I came across an interesting article today on "Breaking the conventional scheme of infection" at the evil fingers blog site. Actually, it’s by my colleague in Argentinia, ESET Latin America Security Analyst, Jorge Mieres, but I didn’t realize that at first. (The original blog is in Spanish, and if your command of that language is

Follow us

Copyright © 2015 ESET, All Rights Reserved.