AVAR Conference Paper 2010

In 2010, I co-wrote and co-presented a paper at AVAR in Bali with Lysa Myers (now with ESET, but then with West Coast Labs) and Eddy Willems of G-Data and EICAR: Test Files and Product Evaluation: the Case for and against Malware Simulation

Posted in AVAR, conference papers, David Harley

AVAR Conference Paper 2009 (2)

My second paper for AVAR 2009 in Kyoto was co-written with Randy Abrams: Malware, Marketing and Education: Soundbites or Sound Practice?


AVAR Conference Paper 2009 (1)

In 2009, I co-wrote two papers for the AVAR conference in Kyoto. The first was co-written with Craig Johnston: Please Police Me.


AVAR Conference Paper 2008

In 2008, Randy Abrams and I wrote a paper for the AVAR conference in Delhi on People Patching: Is User Education Any Use at All? The paper is available from the ESET WeLiveSecurity site here.


AVAR conference paper 2007

In 2007, Andrew Lee and I co-wrote and presented a paper at the AVAR conference in Seoul on Testing, Testing: Anti-Malware Evaluation for the Enterprise. It’s obtainable from the ESET WeLiveSecurity site here.


AVAR conference paper 2003

In the past few years, I’ve written or co-written a number of conference papers for the yearly AVAR (Association of Anti Virus Asia Researchers) conference. And I’ve only just realized that I haven’t put any of them up here.

Email virus detection and blocking is not by itself good incident management (catchy title, huh?) was written for and presented at the 2003 AVAR conference in Sydney.


New Conference Paper: Virus Bulletin 2013

[Correction: in the paper Mac Hacking: the Way to Better Testing? it’s incorrectly implied that independent tester Thomas Reed tested with on-demand scanning rather than on-access scanning because he believed that it was how detection would happen in most real-world situations. This was entirely due to a misunderstanding on my part: in fact, he did so for methodological reasons. Sorry for the confusion, Thomas, and thank you for being so understanding. David Harley, 26th October 2013.]

On the 3rd October, Lysa Myers (formerly of Intego but as of last week a colleague at ESET) and I presented a paper at Virus Bulletin’s 2013 conference in Berlin.

Mac Hacking: the Way to Better Testing?

Here’s the abstract:

Anti-malware testing on the Windows platform remains highly controversial, even after almost two decades of regular and frequent testing using millions of malware samples. Macs have fewer threats and there are fewer prior tests on which to base a testing methodology, so establishing sound mainstream testing is even trickier. But as both Macs and Mac malware increase in prevalence, the importance of testing the software intended to supplement the internal security of OS X increases too.

What features and scenarios make Mac testing so much trickier? We look at the ways in which Apple’s intensive work on enhancing OS X security internally with internal detection of known malware has actually driven testers back towards the style of static testing from which Windows testing has moved on. And in what ways might testing a Mac be easier? What can a tester do to make testing more similar to real-world scenarios, and are there things that should reasonably be done that would make a test less realistic yet more fair and accurate? This paper looks to examine the testing scenarios that are unique to Macs and OS X, and offers some possibilities for ways to create a test that is both relevant and fair.

So here’s the full paper:

David Harley and Lysa Myers, Mac Hacking: the Way to Better Testing?, October 2013. Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.

David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow

Posted in conference papers, David Harley, ESET, VB Conference Papers, Virus Bulletin