Bio

David Harley

David Harley

Senior Research Fellow

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

Articles by author

Fake Support: the War Drags On

After quite a few months of trying to raise public awareness of the problem of fake support cold-calling both here [and elsewhere, it's good to see other vendors also starting to publicize the issue. I've previously cited an article by Symantec's Orla Cox that describes one exchange of civilities with one of the scammers, and

Vogon spam is even worse than the poetry

If you read my previous blogs about P2P/inbox-mediaone/traclickmedia spam offering the currently-defunct Limewire (though some sort of replacement has been promised), you'll be glad to know that not only have they caught up with the latest news, but are now offering an alternative that is cleaner, faster, friendlier and safer. Yeah, right… In fact, looking

Stuxnet Unravelled…

...Eric Chien ... tells us that "Stuxnet requires the industrial control system to have frequency converter drives from at least one of two specific vendors..."

Dr. Zeus: the Bot in the Hat

...behaviour like this has been observed in other versions of Zeus. The really interesting discovery in this case is associated with the way in which these samples search for logical devices attached to an infected computer....

The AMTSO subscription model: a clarification

The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain. The article is also linked from the ESET white papers page.

Virus Bulletin Seminar

Our friends at Virus Bulletin are hosting a seminar later this month ... organized by the security-knowledgeable but vendor-agnostic magazine whose annual conference is one of the major highlights of an anti-malware researcher's year.

Boonana Threat Analysis

Our interim analysis of a version of the malware we detect as Java/Boonana.A or Win32/Boonana.A (depending on the particular component of this multi-binary attack) differs in some characteristics from other reports we've seen. The most dramatic difference is in the social engineering hook used in messages sent to an infected user's friends list. Other reports

NHS Security: a Retrospective View

...While there are those who think that I've been in the anti-virus industry since mammoths roamed the Surrey hills, most of my computing career has actually been in medical informatics, though as you might expect from what I do now, documentation, security and systems/user support played a large part most of that time....

Limewire Livewire

Clearly, the news about the demise of the Limewire service hasn't reached P2P Technologies yet, or, more likely, they're hoping it hasn't reached you...

Limewire, free software, and for‑fee membership

...there are a number of other potential risks from offers like this (as I've pointed out before) ... Paying for software that's actually free and for services that aren't worth the money ... Paying for software that turns out to be malicious ... Parting with credit card and other data that might be misused...

AMTSO: Members or Subscribers?

...one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate...

Fake Adobe Updates

An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out recently: of course, it’s a fake, linking to a site that isn’t Adobe’s.