Some of you may have noticed that I've been uncharacteristically quiet the past few days. That's because I really needed to catch up with other things. Sad though I am to have missed the opportunity to jeer at Mikeyy the Worm and his new employer (though I may come back to them shortly, just because that sort of idiocy is so annoying to me and others - hi, Graham!), among many other juicy stories about IRS frauds, SCADA malware, Microsoft updates (I see that Excel patch finally made it into the world outside), and so on.

One of the things I have been working on, however, is getting some new content onto the ESET white papers page. Some of the (considerable) work involved has been purely internal stuff, important on a corporate level but not obvious to the casual onlooker. (Thank you Nigel, Kris, Maureen, Jeremy et al for all your help and work on all that!)

In the "ESET Conference Papers" section we've added:

  • "People Patching: Is User Education Of Any Use At All?" by Randy Abrams and David Harley, which presents the arguments for and against education as an antimalware tool, and considers how to add end users as an extra layer of protection in a defense-in-depth strategy. That's the paper we presented at the AVAR Conference in New Delhi in 2008.
  • "Who Will Test The Testers?" by David Harley and Andrew Lee, which is concerned with ways of making anti-malware testers and certifying authorities more accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing. The paper was presented at the 2008 Virus Bulletin Conference in Ottawa. 
  • Also presented at Ottawa was "A Dose By Any Other Name" by David Harley and Pierre-Marc Bureau, which tries to answer questions like: why is there so much confusion about naming malware? Is 'Do you detect virus X?' the wrong question in today's threat landscape?
  • "Understanding and Teaching Heuristics" by Randy Abrams is about understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry. He presented it at AVAR in 2007. (The paper on "Understanding bots and botnets" that he presented at Virus Bulletin in 2008 should also be available shortly.)
  • "Teach Your Children Well - ICT Security and the Younger Generation" by David Harley, Eddy Willems, and Judith Harley actually links to a paper on a personal page that I'm using as a repository for older papers. It's a research paper based on surveys in Belgium and the UK on teenage understanding of internet security issues. It was presented at the 2005 Virus Bulletin Conference in Dublin.

Under "Articles by ESET Researchers", a couple of links have been added to articles of mine published by Elsevier. I'm afraid they're not free!

  • "The Myth of Fingerprints" by David Harley (March 2009) was published in Infosecurity magazine, Volume 6, Issue 2 and is a brief consideration of why the traditional naming conventions for malware no longer make sense.
  • "Making sense of anti-malware comparative testing" by David Harley (March 2009) is in an "Information Security Technical Report". It addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation (notably AMTSO).

Much more to come!

David Harley
Director of Malware Intelligence