ESET Conference Papers
"The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic" by David Harley
This paper follows up on "A Dose By Any Other Name", explaining why sample glut and proactive detection have sounded the death knell of the "one detection per variant" model. Presented at the 3rd Cybercrime Forensics Education & Training (CFET 2009) Conference in September 2009.
"Execution Context in Anti-Malware Testing" by David Harley
This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation. First published in EICAR 2009 Conference Proceedings.
"Understanding and Teaching Bots and Botnets" by Randy Abrams
Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and "recruit" them into virtual networks to use them for criminal purposes. First published in Virus Bulletin 2008 Conference Proceedings.*
"People Patching: Is User Education Of Any Use At All?" by Randy Abrams and David Harley
Presents the arguments for and against education as an antimalware tool, and how to add end users as an extra layer of protection in a defense-in-depth strategy. (AVAR Conference 2008)
"Who Will Test The Testers?" by David Harley and Andrew Lee
Making anti-malware testers and certifying authorities more accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing. First published in 2008 Virus Bulletin Conference Proceedings.*
"A Dose By Any Other Name" by David Harley and Pierre-Marc Bureau
Tries to answer questions like: why is there so much confusion about naming malware? Is 'Do you detect virus X?' the wrong question in today's threat landscape? First published in Virus Bulletin 2008 Conference Proceedings.*
"Understanding and Teaching Heuristics" by Randy Abrams
Understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry. (AVAR Conference 2007)
"Teach Your Children Well - ICT Security and the Younger Generation" by David Harley with Eddy Willems, and Judith Harley
Research based on surveys in Belgium and the UK on teenage understanding of internet security issues. First published in 2005 Virus Bulletin Conference Proceedings.*
"Testing, testing: Anti-Malware Evaluation for the Enterprise" by David Harley and Andrew Lee
Looks at appropriate and inappropriate ways of testing anti-malware products. (AVAR Conference 2007)
"Phish Phodder: Is User Education Helping or Hindering" by David Harley and Andrew Lee
Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves? First published in 2007 Virus Bulletin Conference Proceedings.*
"From Fun to Profit" by Andrew Lee and Pierre-Marc Bureau
Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come. (Infosec Paris 2007)
"Microsoft anti-virus — extortion, expedience or the extinction of the AV industry?" by Randy Abrams
Looks at the changes in the corporate culture at Microsoft and the company's re-entry into the anti-malware market. Will it reduce diversity of choice, and will it leave users in any better shape than MSAV did in the 1990s? First published in Virus Bulletin Conference 2006 proceedings.*
Anti-Malware Testing and Evaluation
How do you tell good tests from not-so-good tests? ESET is very actively represented in the Anti-Malware Testing Standards Organization (AMTSO), which is dedicated to raising the standard of anti-malware testing across the board. One of the ways in which this is being done is by making available documentation that will help aspiring testers and their audiences to understand detection testing issues better.
"Untangling the Wheat from the Chaff in Comparative Anti-Virus Reviews" by David Harley
This independent white paper provides a guide to spotting some common errors in the implementation of anti-malware comparative tests, and was one of the documents referenced in the AMTSO "Fundamental Principles of Testing" document.
The Fundamental Principles of Testing is also available in Spanish courtesy of ESET Latin America.
The original English version of "Best Practices for Dynamic Testing" is available on the AMTSO site. It is also available in Spanish by courtesy of ESET Latin America.
Other Resources
Anti-Phishing Working Group
APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.
Anti-Spyware Coalition
The ASC is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies. ESET is actively participating in these important discussions.
AVAR
The Association of Anti-Virus Asia Researchers is a not-for-profit group of security researchers centred in the Asia Pacific region, but also includes representatives of companies in the USA, Europe and so on, including ESET. AVAR also organizes one of the major anti-malware conference events of the year.
AVIEN
AVIEN (Anti-Virus Information Exchange Network) is the largest grassroots discussion network of independent anti-virus researchers in the world, representing many millions of end-users. Since 2008, the organization incorporates AVIEWS (Anti-Virus Information and Early Warning System), and the combined organization brings together Anti-Virus software vendors, corporate security professionals and independent researchers in a discussion and information sharing network of anti-malware professionals, providing early identification and warning of new malware.
Cisco® Network Admission Control (NAC)
Cisco Network Admission Control (NAC) leverages the network infrastructure to limit damage from viruses and worms. Using Cisco NAC, organizations can provide network access to endpoint devices, such as PCs, PDAs, and servers that fully comply with established security policy. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources.
EICAR
Originally the European Institute for Computer Antivirus Research, but now active in the wider security arena. Best known for the EICAR test file but also organizes a significant yearly conference.
Microsoft Virus Information Alliance (VIA)
ESET has joined forces with Microsoft and other anti-virus vendors to provide detailed information on significant viruses that affect Microsoft products. Microsoft's PSS Security Team will post updated information on this website regarding new and potentially damaging viruses that have been discovered in the wild.
Virus Bulletin
Home site for a monthly magazine which is a vital resource for anyone interested in anti-malware research, and the most important yearly conference dealing with this area of security.
NOTE: The most recent figures from AV-Test are available on the Virus Bulletin web site.
A summary of past test results for all AV vendors can be found here; this requires (free) registration with the site. Full details of individual tests, as reported in Virus Bulletin magazine, are available only to subscribers.
Past AV-Comparative test reports are archived at av-comparatives.org, along with information on report updates, testing methodology and FAQs.
* Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge, by permission of Virus Bulletin.