Article for AV-Comparatives

While I stopped working with ESET at the end of 2018, I didn’t entirely abandon the security industry: I’ve responded to the occasional request for an interview, including this one on Who owns social media? and I did quite a lot of work on the English translation of this Book by Eddy Willems (I might still be tempted by other authoring/reviewing/editing projects). And I’m still playing with the idea of a book on anti-malware product testing.

Meanwhile, here’s an article I wrote recently for the AV-Comparatives blog. Spotlight on security: The Curse of the False Positive. Well, product testing was part of my job description long before I joined the antivirus industry (as we still often called it at that time), so it’s not quite a case of crossing over to the Dark Side. As a matter of fact, I’ve always had a good relationship with the guys at AV-Comparatives. And I have one or two other articles in process.

David Harley

Posted in articles | Leave a comment

Book by Eddy Willems

This is Cyberdanger, an updated edition of a book previously published in Dutch and German. I contributed some material, did some general/technical editing, and also did some of the translation. You can find out more on Springer’s site here. That’s actually the UK page, but you can change the page to suit whichever part of the world you live in. I have no idea why it’s apparently more expensive to buy a single chapter than it is to buy the whole book as eBook or hardback, but I’ll see if I can find out. 🙂 Interesting sales strategy.

I’m not sure if this is the last security book I’ll work on, though. I still have the urge to write something about product testing.

David Harley

Posted in David Harley | Tagged | Leave a comment

Who owns social media?

In spite of the fact that I have very little connection with the security business at this point, I was asked for my opinion regarding the topic of deleting your content on social media.

I tend to think that the safest way of looking after sensitive data is to avoid posting it in the first place, that’s pretty much what I said, though at greater length and in more detail. However, the final article, now published, is actually pretty good, and while it does include my comments, it also covers a wider range of opinion.

Worth reading…

David Harley

Posted in articles, David Harley | Leave a comment

End of an era

As of 1st January 2018, I’m no longer working with ESET, so my connection with the information security business is now stretched pretty thin: in fact, I’ve reverted to a previous life as a musician, though there are a few security-related jobs still to be completed, and at least one of those will be flagged here when it’s publicly available.

On the other hand, I can still be tempted by further one-off authoring/editing/reviewing jobs, especially if related to security. 🙂

There’s a contact form here if you feel like tempting me. 😉

David Harley

Posted in Uncategorized | Leave a comment

Newsflash: not all security news sites are useful

Since with effect from the end of December, I probably won’t have any clients in the security industry for whom I blog directly, this may well be the last security article to be noted here.

It’s actually a decent article by Tomáš Foltýn for ESET flagging the report CYBERSECURITY TRENDS 2019: Privacy and Intrusion in the Global Village, for which I wrote an article on cryptocurrency-related crime. And in fact, there are some decent articles in that report.

Here’s the rub, though. I still have a couple of Google alerts set up that let me know when Google finds certain keywords, and one of those told me about a couple of media sites that had mentioned my article. (Perhaps there are or will be more, but I don’t have much incentive to look at this point.)

I’m not particularly bothered that both articles centred on my ‘prediction’ that there would be more cryptocurrency-related crime. That isn’t exactly what I said (because I don’t do the end-of-year crystal ball thing, and that particular prediction doesn’t strike me as particularly useful), though I did make a guess as to what future forms such crime might take. But what I attempted to provide was a consumer-friendly analysis of what the problem is, concluding with some thoughts on how to reduce the risk. That didn’t get a mention, prompting the entirely justified complaint in a comment that the ‘prediction’ was less useful than some ‘anti-cryptojacking measures’ would have been. With which I agreed entirely, and pointed out that the actual article did suggest some basic countermeasures.

And then I realized that, as is so often the case, the article didn’t actually link to the report. In fact, neither of the articles flagged by Google did.

Sadly, this wasn’t a revelation. Over the years, I’ve written for many blogs and magazines, some of them very useful, and very professional. Others, not so much. There have been many for whom I stopped writing because they excised links in my articles to my own research, or the research of potential competitors, or (most tellingly) any links at all that took the reader away from their own sites. In fact, I’ve even read security books that didn’t include references to other sources.

I’m not naive: I realize that self-promotion is a survival characteristic in the security industry, as in other industries. But I was in the security business long enough to remember a time when anti-malware companies included links to other companies virus encyclopedias, were scrupulous about attributing the findings of researchers working for competitors and linking to their reports, and so on. Most mainstream companies are still pretty good at attribution, though I can’t say the same about some so-called ‘next-generation’ companies. News media, though, are pretty patchy. While some sites/commenters like Brian Krebs, The Register et al generally strike a decent balance between editorializing/commentary and factual reporting, there are all too many news sites that regard their own articles as the only source of information that their readers will ever need.

David Harley

Posted in articles, ESET | Leave a comment

Yet more reluctant oratory

The Occasional Orator Part 3 – another exciting episode in my series of ESET articles for people who haven’t been able to avoid making presentations.

And no, the horrible blurry photograph was not my choice…

David Harley

Posted in ESET | Tagged , , | Leave a comment

More thoughts of a reluctant presenter.

The second in a series for ESET about how to look like a better speaker than you think you are. Or at any rate than I am.

The Occasional Orator Part 2 – “Public speaking and presenting at conferences can be daunting for the majority of people but by including some subtle tricks, the speaker can deliver a stronger message.”

Well, let’s hope so…

David Harley

Posted in articles, conference papers | Tagged , , | Leave a comment

Thoughts of a reluctant presenter…

The first in a series of blog articles for ESET on public speaking for people (especially security people) who aren’t primarily public speakers: The Occasional Orator Part 1

ESET’s summary: “Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery.”

I’m not the world’s best presenter, but there are techniques by which people with the charisma of a wet sock, like me, can at least stop the audience walking out en masse.

David Harley

Posted in conference papers | Tagged , , | Leave a comment

Virus Bulletin conference paper 2017

Sadly, this is probably the last paper I’ll write for a Virus Bulletin conference. 16 VB papers is probably enough for one career, and at my age travel is more difficult than it was in the 1990s. 🙂

The abstract is here: ‘The (testing) world upside down

And the paper itself is here: David Harley, The (Testing) World Turned Upside Down, October 2017, Virus Bulletin. Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.

HT to Bruce Burrell and Nick FitzGerald for wordsmithing and sanity-checking.

David Harley

Posted in Virus Bulletin | Tagged , , | Leave a comment

Virus Bulletin paper #16

Well, it won’t be out till October 2017, but there’s some news about my latest (and probably last) VB paper on the ESET WeLiveSecurity blog site, and some of the other stuff that will be happening at my favourite security conference:

Virus Bulletin 2017: Small Talks announced

David Harley

Posted in Virus Bulletin | Tagged | Leave a comment