Author
David Harley
David Harley
Senior Research Fellow
Go to latest posts

Education? Academic background in modern languages, social sciences, and computer science.

Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2006, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.

Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.

What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.

Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...

What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.

When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)

Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.

OS X and Linux beta versions

The first public beta for ESET NOD32 Antivirus for Mac OS X Desktop is now available. "Based on our technology for BSD, Linux, and Solaris servers, ESET NOD32 Antivirus for Mac OS X Desktop has evolved to provide a GUI and feature set similiar to ESET NOD32 Antivirus for Microsoft Windows." http://beta.eset.com/macosx The first public beta

December’s Virus Bulletin

 I notice that our own Jeff Debrosse, having joined the ranks of ESET presenters at Virus Bulletin conferences this year with our paper on "Behaviour Analysis for the Next Decade"  (http://www.eset.com/threat-center/blog/2009/12/02/malice-through-the-looking-glass-conference-paper), has also swelled the ranks of ESET contributors to the magazine this month, with an opinion piece on “Cybersecurity awareness for the next generation.”.

Whatever Happened to the Unlikely Lads? – Conference Paper

Here's another conference paper we've put up recently on the white papers page at http://www.eset.com/download/whitepapers.php. "Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis" by David Harley and Randy Abrams, was presented at the 19th Virus Bulletin Conference in Geneva in 2009, The paper was first published in Virus Bulletin 2009 Conference Proceedings. Copyright is

Chrome for the Holidays

I was asked to comment on Google Chrome OS (operating system): specifically, on the security model that is being proposed, and on the privacy issues associated with running an operating system in the cloud. You can find the article by Orestis Bastounis of Computeract!ve here: http://www.computeractive.co.uk/computeractive/news/2254227/google-unveils-chrome It's difficult to speak authoritatively about Chrome OS so

Malice Through The Looking Glass: Conference Paper

Have you checked our white papers page at http://www.eset.com/download/whitepapers.php lately? We've recently put up a paper by Jeff Debrosse and David Harley that was presented at the 19th Virus Bulletin Conference in Geneva in 2009, and called "Malice Through the Looking Glass: Behaviour Analysis for the Next Decade".   The paper was first published in Virus

No Ifs or Bots: if only…

I came across a nice article today by Dennis Fisher on “The Root of the Botnet Epidemic”. It's the start of what looks like an interesting series on "the roots, growth and effects of the botnet epidemic" and the first aricle takes a historical overview of the situation around the turn of the century, looking

Password Practice Revisited

A few months ago Randy and I put together a white paper on password "good practice" (http://www.eset.com/download/whitepapers/EsetWP-KeepingSecrets20090814.pdf).  In it, I quoted the following table of The Ten Most-Used Passwords (sourced from http://www.whatsmypass.com): 1 123456 2 password 3 12345678 4 1234 5 pussy 6 12345 7 dragon 8 qwerty 9 696969 10 mustang  Today, I came

Shortened URLs

Now here's a useful link (thanks to Mikko Hypponen for the tweet that brought it to my attention). I've made the point several times here about being cautious about URLs shortened by bit.ly, tinyurl and the many others. Which is why when I flag our blogs and papers on twitter, I normally use tinyURL or

Paedophilia and the “Trojan Defence”

This is a follow-up of sorts to Jeff Debrosse's thoughtful post recently on the problem of possible conviction for the possession of illegal paedophiliac material of individuals who had no knowledge of its presence. More recently, a tweet by Bob McMillan drew my attention to an article by Geoff Liesik on "Authorities scoff at 'child porn

Thanksgiving and Cyber Monday revisited

 With Thanksgiving and the start of the holiday shopping season almost upon us, I notice that quite a few sites are giving safe surfing advice. Since we already covered that a few days ago, I'll just post these pointers to those blogs. :) Is Cyber Monday the End of Shopping as We Know it? http://www.eset.com/threat-center/blog/2009/11/19/is-cyber-monday-the-end-of-shopping-as-we-know-it

IBot revisited (briefly)

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits

Qinetiq Energy: A Patent Leathering

[Update: Michael St Nietzel also pointed out that there's an issue with installers that verify a checksum before installation. In fact, this is a special case of an issue I may not have made completely clear before: unless this approach is combined with some form of whitelisting, there has to be some way of reversing the modification

iBot Mark 2: Go Straight To Jail Do Not Pass Go

[Update, courtesy of Mikko: this worm targets at least one Dutch bank, and activates when users go to the online bank with an infected iPhone ] [Update 2, courtesy of Paul Ducklin: how to change the password of an infected phone. I could just tell you what the password is, but you might want to read

And talking of Cyber Monday…

Even in Europe, we have a rough idea of what Thanksgiving is about, though we don't celebrate it at the same time or in the same way. However, Black Friday and Cyber Monday are rather less well known outside the US. Since Randy has already blogged on Cyber Monday and its security implications at http://www.eset.com/threat-center/blog/2009/11/19/is-cyber-monday-the-end-of-shopping-as-we-know-it, I took the

Great Hoax From Little Acorns…

I learned a new word today. "Glurge", according to snopes.com, an essential resource when checking the validity of dubious chain letters, glurge is the sending of inspirational (and supposedly true) tales … that often … undermine their messages by fabricating and distorting historical fact in the guise of offering a "true story". I came across

The Honour’s All Mine

(Much) earlier this year, Randy posted a blog on some email he received about his inclusion into the 2009/2010 Princeton Premier Honors Edition Registry (http://www.eset.com/threat-center/blog/2009/01/09/what-an-honor). I was reminded of it (yes, Randy, someone does read your blogs ;-)) when I got a couple of emails telling me I'd been nominated for an entry into the

Biting the Hand that Feeds You?

Verizon has just done something rather brave. The company has issued a report on "ICSA Labs Product Assurance Report" (http://www.icsalabs.com/sites/default/files/WP14117.20Yrs-ICSA%20Labs.pdf) that talks about the difficulties that most products have in meeting the requirements of ICSA Labs certification. Why is it brave? Because those companies provide ICSALabs with a healthy income, and might therefore be a

Cyberhype

Cyberwar, cyberterrorism, cybersigh…(gosh, that's almost a palindrome…) However, if you get past the cyberbuzzwords, there are some interesting articles around at the moment. On the Infosecurity Magazine, there's an article called "Cyberterrorism: A look into the future", contributed by the (ISC)2 US Government Advisory Board Executive Writers Bureau.  http://www.infosecurity-magazine.com/view/5217/cyberterrorism-a-look-into-the-future/. More thoughtful than you might expect from

No Mule’s Fool

After a few years in the security business, it's easy to get a bit too used to the background noise, and forget that not everyone is familiar with concepts like phishing (see Randy's recent blog at http://www.eset.com/threat-center/blog/2009/11/16/once-upon-a-cybercrime%e2%80%a6), or botnets ("whatever they are", as my brother said to me quite recently), or money mules. I've written

What a performance!

 We came across an interesting test report at http://www.passmark.com/ftp/antivirus_10-performance-testing-ed2.pdf. Symantec commissioned a comparative performance test from Passmark. That is, a test measuring performance in terms of speed and resource usage rather than looking at detection rates. Not surprisingly, Symantec came out very well overall, and deserves congratulations for demonstrating how far it's gone in addressing

Follow us

Copyright © 2017 ESET, All Rights Reserved.