One of my papers for EICAR 2002, co-written with ESET CEO Andrew Lee, though at that time he was working for Dorset County Council and I was working for the NHS Information Authority.
Here’s the abstract.
There is coming a generation of people to whom the word ‘computer’ will bear the same weight in language as “leg” or “arm” and it’s loss or damage be seen in similar terms to the loss or damage to one of those limbs. The computer will be a device without which life will be tremendously difficult. The introduction of malware into such an environment will have enormous repercussion both psychologically and perhaps physically. Even in today’s world the psychological impact of malware cannot be underestimated. Bearing in mind that traditionally, security has been secondary to functionality, the holy grail of the Anti-malware and security worlds will be systems that are not only highly functional and user friendly, but are intrinsically secure and hardened against attacks and other compromises of data integrity, availability, and confidentiality.
In this paper we seek to explore the traditional methods of malware management, their congruent weaknesses and strengths, and to propose some ways in which these might be made more successful.
Over time there have been many different ideas and theories proposed, some far more useful than others. We have sought to draw on all of these and to extend our own. It is our hope that this examination of current trends and recent history in malware management will throw new light on the issues, and serve as a catalyst to thought and movement towards better future systems.