WeLiveSecurity conference papers

Most of my conference papers since 2006 (and one or two earlier papers) are available from ESET’s WeLiveSecurity conference papers page. Of course, there are lots of papers by other ESET researchers there too, but only the ones I wrote or co-wrote are listed here. (Most are also listed elsewhere on this blog by conference: this list is ordered purely chronologically.)

FUD and Blunder: Tracking PC Support Scams By David Harley, Martijn Grooten, Craig Johnston and Steven Burn
Presented at CFET in September 2012, this paper looks at the support scam problem from a more forensic point of view.

My PC has 32,539 errors: how telephone support scams really work By David Harley, Martijn Grooten, Steven Burn and Craig Johnston
Presented at VB2012, this looks at the ongoing evolution of the PC telephone support scam. First published in Virus Bulletin 2012 Conference Proceedings.*

PIN Holes: Passcode Selection Strategies By David Harley
Presented at EICAR 2012. Common strategies for selecting four-digit passcodes, and implications for end-user security. Originally published in the EICAR 2012 Conference Proceedings.

After AMTSO: a funny thing happened on the way to the forum By David Harley
Presented at EICAR 2012. How the Anti-Malware Testing Standards Organization might yet retain enough credibility to achieve its original aims. Originally published in the EICAR 2012 Conference Proceedings.

Man, Myth, Malware and Multi-Scanning By David Harley & Julio Canto
The use and misuse of public multi-scanner web pages that check suspicious files for possible malicious content, and why they’re no substitute for comparative testing. Based on a presentation at CFET 2011.

Daze of Whine and Neuroses By David Harley and Larry Bridwell
Has AMTSO outlived its usefulness? And what is the future of detection testing? First published in Virus Bulletin 2011 Conference Proceedings.*

Security Software & Rogue Economics: New Technology or New Marketing? By David Harley
Presented at the 2011 EICAR conference. Compares and contrasts malicious and legitimate technology and marketing: how integration of security packages might mitigate fake applications and services.

Test Files and Product Evaluation: the Case for and against Malware Simulation By David Harley, Lysa Myers and Eddy Willems
This paper, presented at the 2010 AVAR conference, summarizes the problems that arise when simulated malware is used inappropriately in detection testing, plus the history and correct use of the EICAR test file.

AV Testing Exposed By Peter Kosinár, Juraj Malcho, Richard Marko, and David Harley
Considers the good, the bad, and the ugly in comparative testing, and explores how to lie (or even inadvertently mislead) with detection statistics. First published in Virus Bulletin 2010 Conference Proceedings*

Call of the WildList: Last Orders for WildCore-Based Testing? By David Harley and Andrew Lee.
WildList/WildCore in testing and certification when dynamic and whole product testing methodologies are now preferred in most testing contexts? First published in Virus Bulletin 2010 Conference Proceedings*

SODDImy and the Trojan Defence By David Harley
Implications in the age of the botnet of the “Some Other Dude Did It” and “it must have been a Trojan” defences against conviction for possession of illegal material, especially pornography. Presented at CFET 2010.

Antivirus Testing and AMTSO: Has Anything Changed? By David Harley
How AMTSO has developed in the past few years and how the AV and testing industries have responded to those developments. Presented at CFET 2010.

Real Performance? By Ján Vrabec and David Harley
Evaluating the most common anti-malware performance testing models (as opposed to detection testing), highlighting potential pitfalls, with recommendations on how to test objectively. First presented at EICAR 2010 and published in the Conference Proceedings.

Perception, Security, and Worms in the Apple By David Harley, Pierre-Marc Bureau and Andrew Lee
Compares the view from Apple and the community as a whole with the view from the anti-virus labs of the actual threat landscape. First presented at EICAR 2010 and published in the Conference Proceedings.

Macs and Macros: the State of the Macintosh Nation By David Harley
This 1997 paper reviews the shared history of viruses and the Mac, summarizes the 1997 threatscape, and considers possibilities and strategies for the future. Made available on the ESET web site because so many people asked about it at EICAR 2010. First published in Virus Bulletin 1997 Conference Proceedings.*            

Please Police Me By Craig Johnston and David Harley
Ethical, political and practical issues around the use of “policeware” using “cybersurveillance” techniques resembling some forms of malware. First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.

Malware, Marketing and Education: Soundbites or Sound Practice? By David Harley and Randy Abrams
Practical, strategic and ethical issues when the security industry augments its marketing role by taking civic responsibility for the education of the community. First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.*

Malice Through the Looking Glass: Behaviour Analysis for the Next Decade By Jeff Debrosse and David Harley
Steps towards a holistic approach to behaviour analysis, using both social and computer science to examine criminal and user behaviours that underpin malware dissemination. First published in Virus Bulletin 2009 Conference Proceedings.*

Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis By David Harley and Randy Abrams
The evolution of email-borne chain letters, from crude virus hoaxes to guilt-tripping semi-hoaxes, their impact on enterprises and individuals, and possible mitigations. First published in Virus Bulletin 2009 Conference Proceedings.*

The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic By David Harley
Why sample glut and proactive detection have sounded the death knell of the “one detection per variant” model. Presented at CFET 2009.

Execution Context in Anti-Malware Testing By David Harley
Why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products. First published in EICAR 2009 Conference Proceedings.

People Patching: Is User Education Of Any Use At All? By Randy Abrams and David Harley
Arguments for and against education as an antimalware tool, and how to incorporate end users in a defense-in-depth strategy. Presented at AVAR 2008.

Who Will Test The Testers? By David Harley and Andrew Lee
Making anti-malware comparative and certification testers accountable for the quality and accuracy of their testing methods and conclusions. First published in 2008 Virus Bulletin Conference Proceedings.*

A Dose By Any Other Name By David Harley and Pierre-Marc Bureau
Why is there so much confusion about naming malware? First published in Virus Bulletin 2008 Conference Proceedings.*

Teach Your Children Well – ICT Security and the Younger Generation By David Harley, Eddy Willems, and Judith Harley
Research based on surveys in Belgium and the UK on teenage understanding of internet security issues. First published in 2005 Virus Bulletin Conference Proceedings.*                  

Testing, testing: Anti-Malware Evaluation for the Enterprise By David Harley and Andrew Lee.
Appropriate and less appropriate ways of testing anti-malware products. AVAR Conference 2007.

Phish Phodder: Is User Education Helping or Hindering By David Harley and Andrew Lee
Evaluates research on susceptibility to phishing attacks, and web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence? First published in 2007 Virus Bulletin Conference Proceedings.*

*Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.

