I was interviewed yesterday by Fred Donovan, following up on the paper on AMTSO I presented at EICAR earlier this month. I may be prejudiced, but I think he's summarized my current thoughts on the topic pretty well in the article, though it isn't my recommendation that the existing guidelines be reviewed independently: it was
AMTSO's discussions on its own new directions, and updates to its testing-related resources.
A new conference paper discusses whether AMTSO has the credibility to achieve its aims of raising testing standards on its own.
The slides from an AMTSO-oriented presentation by Larry Bridwell and myself at this year's Virus Bulletin conference, on "Daze of whine and neuroses (but testing is FINE)", are now available on the Virus Bulletin site (along with some other excellent presentations). The paper on which the presentation is based is on the ESET white papers
Aryeh Goretsky interviewed, as his paper on Possibly Unwanted Applications is published.
'Tis the season to get ready for the autumn round of security conferences.
It's been a busy few weeks. Last week I was in Krems, Austria for the EICAR conference. The week before, I was in Prague for the CARO workshop (where my colleagues Robert Lipovsky, Alexandr Matrosov and Dmitry Volkov did a great presentation on "Cybercrime in Russia: Trends and issues" – more information on that shortly),
...AMTSO's members have approved a document that offers guidelines to vendors on ways in which they can make it easier to test products accurately....
The March Threatsense report at http://www.eset.com/us/resources/threat-trends/Global_Threat_Trends_March_2011.pdf includes, apart from the Top Ten threats: a feature article on Japanese-disaster-related scamming by Urban Schrott and myself; news of the Infosec Europe expo in London on the 19th-21st April, the AMTSO and CARO workshops in Prague in May, and the EICAR Conference in Austria that follows; the story of
The February ThreatSense Report is now available...
Before I started today's flurry of blogs, I was uncharacteristically quiet: first I was at an AMTSO event in San Mateo, then at RSA in San Francisco...
Zeus-associated malware (and that includes SpyEye and "SpyZeuS") isn't supernaturally difficult to detect. It is, however, pretty adaptive and has introduced, from time to time, some innovative counter-detection techniques.
The next AMTSO members meeting is getting pretty close… It's being held in San Mateo on the 10th and 11th February. More information, including the preliminary agenda, on the AMTSO meetings page. David Harley CITP FBCS CISSP, ESET Senior Research Fellow
A recent report from Get Safe Online suggested that one in four people in the UK have received calls like this (based on a sample of 1500 adults), and my colleagues in Ireland tell me that their experience suggests comparable figures there.
At the last AMTSO workshop in Munich, a guidelines document on False Positive (FP) testing was approved, and is now available on the AMTSO documents page.
The AMTSO press release about its newly announced cheap subscription model, which I previously referred to here, has been misunderstood in some quarters. I therefore tried to clarify the issues in my latest Security Week article: Once More 'Round the AMTSO Wheel of Pain. The article is also linked from the ESET white papers page.
...one of the most interesting results is the approval by the members present of a planned low-fee subscription model which will enable individuals and small organizations to participate...
1) Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine. Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up on the White Papers page.
...quite a few other issues have come up that are less obviously related to AMTSO's aims, and it's probably inevitable that some of those concerns will find their way out in the course of the meeting. Watch this space.