Education? Academic background in modern languages, social sciences, and computer science.
Highlights of your career? I was a late starter (1986) as an IT professional, beginning at the Royal Free Hospital, then with the Human Genome Project (1989), then at Imperial Cancer Research Fund (1991-2001), where I wrote/co-wrote/edited a number of Internet FAQs and my first articles on programming and security. I presented my first conference papers in 1997 (at Virus Bulletin and SANS). In 2001 Osborne published Viruses Revealed (co-written with Robert Slade and Urs Gattiker): VR and the later AVIEN Malware Defense Guide (Syngress) – to which Andrew Lee also contributed – are probably the best known of my books. When I rejoined the UK’s National Health Service in 2001, I ran the Threat Assessment Centre and was the go-to person nationally for malware issues. I left to work as a freelance author and consultant in 2006, which is also when I began to work with ESET.
Position and history at ESET? Senior Research Fellow at ESET N. America. Primarily, I’m an author and blogger, editor, conference speaker, and commentator on a wide range of security issues. Like the rest of the industry, they put up with me because I’ve been around so long.
What malware do you hate the most? Malware is just code. It’s malicious people I detest. While I’ve no love of scammers, I can see that it’s easier to be honest in a relatively prosperous environment – if there is such a thing anymore – and that cybercrime can be driven by an economic imperative. But I have nothing but contempt for those sociopaths who cause harm to others for no reason except that they can.
Favorite activities? The guitar (I still gig and record when time allows), other people’s music. I love opera but don’t attempt to sing it. Photography, art, poetry, country walking – well, ambling is about as much as I can manage at my age – good food and wine, good television when I can find it...
What is your golden rule for cyberspace? Scepticism is a survival trait: don’t assume that anything you read online is gospel truth, even this adage.
When did you get your first computer and what kind was it? Amstrad PCW (primarily a word-processor) in 1986. What else would you expect a not-very-rich author to buy in 1986? :)
Favorite computer game/activity? Extra-curricular writing (blogging, verse and lyrics, articles). Digital photography and miscellaneous artwork.
The Register today ran a story about the phishing attack spread by the Google Talk instant messaging system, which uses TinyURL to conceal the real name of the link. John Leyden’s story (quoting Graham Cluley at some length) makes several good points about reducing your exposure to the threat, and Graham’s blog makes some more.
A memo to Middle- East Asia Promotion. Thank you for letting me know that I’ve won $720,000.00 in a promotion sponsored by Dell and the Emirates Foundation. Four days running: nothing suspicious about that, nor the fact that my wife has apparently won the same amount in the same promotion every day for the past
False positives. Every anti-malware vendor’s worst nightmare. The European publisher Heise, apparently recently reinvented as The H, has pointed out that both GData and Bitdefender were inaccurately flagging winlogon.exe as Trojan.Generic.1423603. In case you were wondering, this doesn’t mean the whole anti-malware industry has gone mad: GData’s product uses two engines, one of which is
For the geekier among us wanting or needing to know more about the Adobe vulnerability that Randy and I both blogged on yesterday, here are a few resources: More from Shadowserver at http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221 As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly. There are rules
An IT/business magazine called Information Age, apparently aimed at executives with interest and responsibilities in IT, hit my letterbox this morning. That’s an actual magazine with real paper pages: remember those? Seeing as it’s Saturday, I took it back to bed with me to look through while I had the first coffee of the day, and
Update: a quick tip of the hat to Steven, who sent us a URL for a somewhat related blog about problematic premium text services. Speaking of the 2008 report, here’s another extract, this time about fake antimalware. “We expect to see increasing volume and sophistication in criminal attempts to extort money from end users in
Security issues with PDFs are nothing new, as a skim through past Adobe security bulletins and advisories indicates. (This isn’t a criticisim of Adobe: it’s inevitable that security issues will surface from time to time in sophisticated, function-rich software, and Adobe are clearly aware of the need to address the problems as they arise.) In
ICANN’s Fast Flux Working Group recently announced an Initial Report. In fact, it also offered a 20 day window for submitting comments on the report, but I missed that, as I was travelling and didn’t read that particular email. Perhaps you did better, in which case you probably won’t be much interested in this blog.
A few days ago, I promised (threatened) to make some general points about biasing test results, but travel and other obligations have been getting in the way. I’ll get back to that very shortly, but in the meantime, I want to look at an issue with the latest round of Microsoft patches that I was
I don’t regard myself as being particularly naive: I know as well as you do that having an excellent product is not enough on its own. You usually have to market it properly as well: otherwise, it sinks because no-one is buying it, so no-one is making a living. I know, too, that this industry is not
As the Win32/Waledac nuisance continues to escalate, it’s good to know that there are some certainties in a changing world. One, unfortunately, is that people will continue to fall for hoaxes and chain letters. Much to my surprise, one of my mailboxes has just been visited by an old friend, a hoax that has been
I may have mentioned the Anti-Malware Testing Standards Organization here before. ESET is an enthusiastic supporter of this initiative, and several members of the research and lab teams attended the meeting at the beginning of this week in Cupertino. Lots of interesting and stimulating discussion took place. The Review of Reviews Board (or Review Analysis
I just did some work on a report that quotes some of the various statistics – or do I mean guesstimates? – regarding how many machines were likely to have been infected by Conficker. That report has already gone out, but it’s been pointed out to me that the wording makes it sound like we’re
I just happened upon a blog that made an interesting point about the information that’s been made about Conficker. Essentially, the writer was fulsome in her praise of an article by Gary Hinson here, which gave some simple advice on dealing with Conficker/Downadup. As it happens, I’m familiar with the name Gary Hinson: he also contributes
I got asked “what is the big trend in security software at the moment”. It seems to me there are several significant threads to the answer, in terms of anti-malware. Dynamic and/or behaviour analysis. Dynamic analysis as implemented in mainstream antimalware is basically an automated version of dynamic analysis is used in computer forensics. In
MSNBC put up some interesting comment on the Heartland security breach. Since they’ve put some emphasis on the involvement of malware in the breach, it’s worth making a few points. * Heartland was PCI compliant when the breach occurred. The PCI DSS v1.2 Requirement #5.1.1 states: “Ensure that all anti-virus programs are capable of detecting,
…no promise of chicks for free, but I did get spam this morning offering me a “Free-Trial kit” for some scheme for “making money through the Internet by doing almost nothing” (probably some sort of pyramid scheme, I guess, updated with a reference to using Google). While I’m not about to take up the offer, I
[Update: Spiegl Online reports (in German!) that the total may be as high as 50 million infected machines: however, this figure seems to be extrapolated from the number of infections picked up Panda’s online scanner. Statistically, I’m not sure it makes any sense at all to try to correlate this self-selecting sample to the total population of
You may have noticed that I’ve been making a lot of references to this over the past few weeks. You can now download it here. Quite a few people have worked pretty hard to make this project happen, and I’d like to thank them now. I hope some of you will find it interesting and
The top ten (twenty, twenty-five…) season doesn’t seem to have finished yet: the latest to cross my radar was something like seven ways of surviving the recession, which I’m sure is of interest to all of us, but not really in scope for this blog. So here’s a snippet from our 2008 Global Threat Report,
