Auld Lang Syne – Ancient Techtarget Article

Someone on Twitter just flagged an article that I’d long ago forgotten.

“Future of cybersec from 2002: @dharleyatESET got a lot right #infosec #cybersecurity #CISO #NHS #Ransomware #Malware”

Well, to save you following that Bitly URL, it actually links to this: Predicting the future of malware and tomorrow’s malicious code, which was actually written for a special issue of Information Security Magazine.

Back in the days when I sometimes let myself be decoyed into contributing to one of those end-of-the-year-pointless-security predictions posts, the idea often came up that we should look back in hunger and do a follow-up post on ‘How well did we do?’ Happily, no-one has asked me to get into all that for years: I suppose there must be some advantages to being a grumpy old man after all. Though I’m not sure whether it’s fear of my curmudgeonly ways or the assumption that I’m too old and daft to know or care what’s ahead.

Anyway, it’s a bit of a relief to know that I managed not to make a complete idiot of myself all that way back. But on the whole, I think I’ll continue to pay attention to Daniel Delbert McCracken’s advice and decline to make predictions that can be checked in my lifetime. (HT to Rob Slade for sharing that advice with me, years ago… And to Bruce of course, for reminding me of the article.)

My next article here will be about how ransomware will have evolved in 2070.

David Harley

Posted in articles

Child Safety on St Helena

It seems I’ve neglected this blog for quite a while: while I’ve touched up some of the pages where necessary, I haven’t added any articles. Well, talking of interviews (which I was about six months ago) here’s a transcript (for the ESET blog) of an interview from November 2016 with community radio on St Helena. Here’s a summary from the article.

I was invited to do an interview with Craig Williams – who has a company called Gigabyte IT – on Saint FM. That’s a community radio station on St. Helena, an island way down in the South Atlantic where Napoleon Bonaparte spent the last six years of his life, and which has only recently started to benefit from the mixed blessing of the mobile phone. He (Craig, not Napoleon) came across me via an article to which I contributed some internet safety tips for parents and children a while ago.

In the course of the interview I attempted to answer the following questions:

  1. What advice would you give to parents about their child being safe online?
  2. As a professional security expert, what advice would you give to children about having an online presence?
  3. For an island of around 4,000 people, and with mobile access only made available earlier this year, what would you say needs to be put in place for kids, to fight against cyberbullying and online grooming?

David Harley

Posted in ESET, Interviews

Interviewed by Online Education

This is actually going back quite a few weeks, even months, but it’s the longest interview I’ve participated in for years, and I guess it deserves a little exposure here. (You may consider that I’ve had quite enough exposure for one lifetime, of course, but interviewer Matt Ashare asked some pretty interesting questions.)

Interview with David Harley, Senior Research Fellow at ESET

It’s one of a series of interviews conducted by Online Education with security people. Other interviewees that might interest you even more than me (!) include Dark Reading’s Kelly Jackson Higgins and my friend and sometime co-author Robert Slade.

David Harley

Posted in Interviews

AVAR 2014 paper

This is the paper by myself and Sebastian Bortnik, of ESET Latin America, presented at AVAR 2014 in Sydney: Lemming Aid and Kool Aid: Helping the Community to help itself through Education

Posted in AVAR, David Harley, ESET

Virus Bulletin 2014 Conference Paper

So now that the 2014 Virus Bulletin conference is over, here’s the paper – my 15th VB paper! – written by Eugene Rodionov (ESET), Alexander Matrosov (Intel) and myself:

Bootkits: past, present & future

And here’s the abstract:

Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish persistent and stealthy presence in their victims’ systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which restrict the loading of unsigned kernel-mode drivers. However, these bootkits aren’t effective against UEFI-based platforms. So, are UEFI-based machines immune against bootkit threats (or would they be)?

The aim of this presentation is to show how bootkit threats have evolved over time and what we should expect in the near future. Firstly, we will summarize what we’ve learned about the bootkits seen in the wild targeting the Microsoft Windows platform: from TDL4 and Rovnix (which was used by the Carberp banking trojan) up to Gapz (which employs one of the stealthiest bootkit infection techniques seen so far). We will review their infection approaches and the methods they have employed to evade detection and removal from the system.

Secondly, we will look at the security of the increasingly popular UEFI platform from the point of view of the bootkit author, as UEFI is becoming a target of choice for researchers in offensive security, and proof-of-concept bootkits targeting Windows 8 OS using UEFI have already been released. We will focus on various attack vectors against UEFI and discuss available tools and what measures should be taken to mitigate against them. 

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted in VB Conference Papers, Virus Bulletin

VB article: Don’t Forget To Write

This is my most recent article for Virus Bulletin:

David Harley, Don’t Forget to Write, February 2014, Virus Bulletin. Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.

It’s a review of two eBooks published (fairly) recently that aim to provide security guidance for consumers: Improve Your Security by Sorin Mustaca, and One Parent to Another by Tony Anscombe. 

It’s also available on Virus Bulletin’s own site here. Along with lots of lovely stuff that has nothing to do with me, of course. 🙂

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted in David Harley, Virus Bulletin articles

AVAR paper 2013

This is a paper written by Larry Bridwell and myself for the 16th AVAR conference in Chennai, which was kindly presented by ESET’s Chief Research Officer Juraj Malcho, as neither Larry nor myself were able to attend the conference in the end.

Death of a Sales Force: Whatever Happened to Anti-Virus

It’s also available from the ESET Threat Center Resources page here.

Here’s the abstract:

Anti-Virus is, it seems, an ex-parrot. We’ve seen so many announcements of the death of anti-virus that we’ve taken to carrying black ties around with us, ready for the next one. This paper probably won’t have much impact on the ludicrously funereal tone of some commentary, but will take an informed look at the reasons most often given for the imminent demise of the AV industry, in the hope of achieving a balanced view of the present role and future evolution of malware analysis. Reports of the (near-) death of static signature detection may not be exaggerated, but anti-malware technology has moved far beyond simple signatures. We consider in depth the accuracy of some of the basic contentions that keep turning up ad infinitum in memoriam…

  1. Conclusions based on detection testing and pseudo-testing statistics
  2. Anti-virus is ok if you don’t have to pay for it
  3. Heuristic detection has gone the way of the static signature
  4. Spammed out malware is less important than targeted malware
  5. New (mobile) platforms require new defensive paradigms

Catching or blocking malware is just part of the security challenge, at home or in the workplace, and malware detection is a very different technology to what it was 20 years ago, but does that mean it’s obsolescent? We look at the three primary functions of AV:

  • protection in the form of proactive detection and blocking through a range of heuristic, reputational and generic countermeasures
  • detection of known malware
  • remediation where something is detected and has managed to gain a foothold

We contend and demonstrate that while emphasis has undergone an irreversible shift from detection by signature, to remediation of signature-detected malware, to more generic detection by technologies such as heuristics, behaviour analysis, and reputation, a complete solution addresses all those issues. AV is dead, or at best comatose: at any rate, self-replicating malware is a small part of a much larger problem, while signature detection is primarily a fallback technology that helps with remediation rather than a primary layer of protection. 

Anti-malware technology moved on long ago. Customer and media perception, though, has lagged way behind. Could it be that when other sectors of the security industry, driven by commercial agendas, engage in inaccurate and at best misinformed anti-AV commentary, they are also putting their own interests and those of the community at large at risk? Would a world without the mainstream anti-malware industry be such a good place to live?

Small Blue-Green World
ESET Senior Research Fellow

Posted in AVAR, conference papers, David Harley