白皮書

Real Performance?

By Jan Vrabec and David Harley

This paper objectively evaluates the most common performance testing models (as opposed to detection testing) used in anti-malware testing, highlighting potential pitfalls and presenting recommendations on how to test objectively and how to spot a potential bias.

First presented at EICAR 2010 and published in the Conference Proceedings.

Perception, Security, and Worms in the Apple

By David Harley, Pierre-Marc Bureau and Andrew Lee

Apple's customer-base has rejoined the rest of the user community on the firing line. This paper will compare the view from Apple and the community as a whole with the view from the anti-virus labs of the actual threat landscape.

First presented at EICAR 2010 and published in the Conference Proceedings.

Macs and Macros: the State of the Macintosh Nation

By David Harley

This 1997 paper reviews the shared history of viruses and the Mac, summarizes the 1997 threatscape, and considers possibilities and strategies for the future. It's been made available for historical interest because so many people asked about it at EICAR 2010.

First published in Virus Bulletin 1997 Conference Proceedings.*

Please Police Me

By Craig Johnston and David Harley

This paper looks at the ethical, political and practical issues around the use of "policeware", when law enforcement and other legitimate agencies use "cybersurveillance" techniques based on software that resembles some forms of malware in its modus operandi.

First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.*

Malware, Marketing and Education: Soundbites or Sound Practice?

By David Harley and Randy Abrams

This paper considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.

First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.*

Malice Through the Looking Glass: Behaviour Analysis for the Next Decade

By Jeff Debrosse and David Harley

This paper considers steps towards a holistic approach to behaviour analysis, using both social and computer science to examine the behaviours by both criminals and victims that underpin malware dissemination.

First published in Virus Bulletin 2009 Conference Proceedings.*

Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis

By David Harley and Randy Abrams

This paper traces the evolution of email-borne chain letters, from crude virus hoaxes to guilt-tripping semi-hoaxes, and examines both their (generally underestimated) impact on enterprises and individuals, and possible mitigations.

First published in Virus Bulletin 2009 Conference Proceedings.*

Is there a lawyer in the lab?

By Juraj Malcho

This paper by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.

First published in Virus Bulletin 2009 Conference Proceedings.*

The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic

By David Harley

This paper follows up on "A Dose By Any Other Name", explaining why sample glut and proactive detection have sounded the death knell of the "one detection per variant" model.

Presented at the 3rd Cybercrime Forensics Education & Training (CFET 2009) Conference in September 2009.

Execution Context in Anti-Malware Testing

By David Harley

This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation.

First published in EICAR 2009 Conference Proceedings.

Understanding and Teaching Bots and Botnets

By Randy Abrams

Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and "recruit" them into virtual networks to use them for criminal purposes.

First published in Virus Bulletin 2008 Conference Proceedings.*

People Patching: Is User Education Of Any Use At All?

By Randy Abrams and David Harley

Presents the arguments for and against education as an antimalware tool, and how to add end users as an extra layer of protection in a defense-in-depth strategy.

AVAR Conference 2008

Who Will Test The Testers?

By David Harley and Andrew Lee

Making anti-malware testers and certifying authorities more accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing.

First published in 2008 Virus Bulletin Conference Proceedings.*

A Dose By Any Other Name

By David Harley and Pierre-Marc Bureau

Tries to answer questions like; why is there so much confusion about naming malware? Is 'Do you detect virus X?' the wrong question in today's threat landscape?

First published in Virus Bulletin 2008 Conference Proceedings.*

Understanding and Teaching Heuristics

By Randy Abrams

Understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry.

AVAR Conference 2007

Teach Your Children Well - ICT Security and the Younger Generation

By David Harley with Eddy Willems, and Judith Harley

Research based on surveys in Belgium and the UK on teenage understanding of internet security issues.

First published in 2005 Virus Bulletin Conference Proceedings.*

Testing, testing: Anti-Malware Evaluation for the Enterprise

By David Harley and Andrew Lee

Looks at appropriate and inappropriate ways of testing anti-malware products.

AVAR Conference 2007

Phish Phodder: Is User Education Helping or Hindering

By David Harley and Andrew Lee

Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves?

First published in 2007 Virus Bulletin Conference Proceedings.*

From Fun to Profit

By Andrew Lee and Pierre-Marc Bureau

Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come.

Infosec Paris 2007

Microsoft anti-virus — extortion, expedience or the extinction of the AV industry?

By Randy Abrams

Looks at the changes in the corporate culture at Microsoft and the company's re-entry into the anti-malware market. Will it reduce diversity of choice, and will it leave users in any better shape than MSAV did in the 1990s?

First published in Virus Bulletin Conference 2006 proceedings.*

Anti-Malware Testing - Industry Insight

By David Harley, June 2010

ESET's Sr. Research Fellow and member of AMTSO's Board of Directors considers whether AMTSO is engaging with the public as well as it might.

TDL3: The Rootkit of All Evil?

By Aleksandr Matrosov and Eugene Rodionov, June 2010

Subtitled "Account of an Investigation into a Cybercrime Group", this is a comprehensive consideration, by researchers with ESET’s partners in Russia, of the distribution and the internals of the TDL3 Rootkit, and the involvement of the Dogma Millions group.

Apple, Security, and the Power of Perception

By David Harley, April 2010

A short presentation on Apple security for InfoSecurity Europe, based on a paper subsequently presented in more detail at EICAR 2010 and available here.

AMTSOlutely Fabulous

By David Harley, April 2010

A Spotlight article about what AMTSO has achieved so far and what might lie ahead. Featured in January 2010's Virus Bulletin and hosted on the AMTSO web site.

The Weakest Computer Security Link

By Juraj Malcho, March 2010

Article in CTO Edge that explains how social engineering is used to trick computer users into downloading malware.

Crimeware and Current Hot Threats

By David Harley, March 2010

Article for Infosecurity Magazine that reviews both the tried-and-true and the latest methods that online criminals are using to steal information, and your money.

Facebook, Chain Letters are so Last Decade

By David Harley, March 2010

An article in Global Security Mag that discusses the evolution of yesterday's virus hoaxes and other chain letters to social networking sites like Facebook and Twitter.

Fact, Fiction and the Internet

By David Harley, January 2010

Discusses the increasing dangers of incautious use of social networking in an age where the regulation and use of data by financial and other institutions has not kept pace with a changing online world.

Never Mind Having Fun: Are We Safe Yet?

By David Harley, August 2009

Review of "Is it safe? Protecting your computer, your business, and yourself online" by Michael Miller (Que).

Originally published in Virus Bulletin, March 2009.*

CARO mio, AMTSO mon amour

By David Harley, June 2009

Commissioned article on the CARO (Computer Antivirus Researchers Organization) and AMTSO (Anti-Malware Testing Standards Organization) workshops in Budapest in May.

Originally published in Virus Bulletin, June 2009.*

The Myth of Fingerprints

By David Harley, March 2009

Published in Infosecurity magazine, Volume 6, Issue 2. Why the traditional naming conventions for malware no longer make sense. For purchase from Elsevier.

Making sense of anti-malware comparative testing

By David Harley, March 2009

In "Information Security Technical Report". For purchase from Elsevier. Addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation.

Making sense of anti-malware comparative testing

By David Harley, March 2009

A pre-print version of the above article in "Information Security Technical Report" is available on David's personal web site, with the permission of the publisher.

Malware testing

By David Harley, November 2008

Considers the early impact of AMTSO, the Anti-Malware Testing Standards Organization, on the testing industry.

Yet Another Rustock Analysis...

By Lukasz Kwiatek and Stanislaw Litawa, August 2008

A detailed analysis of the Rustock.C rootkit and some of its self-defensive measures.

Originally published in Virus Bulletin, August 2008.*

Macs and malware: What are the dangers?

By David Harley, July 2008

Reviews some of the reasons why Macintosh computers in corporate environments need protection.

The trouble with testing anti-malware

By David Harley, January 2008

An overview of the problems that make most anti-malware tests so unreliable.

Fixing the virus problem?

By Andrew Lee, July 2006

Takes a realistic look at how far Vista can be expected to mitigate the user's exposure to malicious code.

Phish Fingering

By David Harley, July 2006

Review of "Phishing Exposed", Lance James's book for Syngress.

Originally published in Virus Bulletin, July 2006.*

War of the Words and I spy

By David Harley, September 2006

Reviews of Robert Slade's "Dictionary of Information Security" and "Combating Spyware in the Enterprise", by Baskin et al., both published by Syngress.

Originally published in Virus Bulletin, September 2006.*

Re-Floating the Titanic: Dealing with Social Engineering Attacks

By David Harley, 1998 [sic]

A paper originally presented at the 1998 EICAR conference, but which is currently being cited by a number of other resources due to its still topical taxonomical content and observations on good password practice.

A Tried and True Weapon: Social Engineering

By Cristian Borghello, translated by Chris Mandarano, added April 2010

A discussion of some of the ways in which attackers use psychological manipulation to trick their victims.

Choosing Your Password

By David Harley, added April 2010

Some ways of avoiding easily guessable passwords.

Ten Ways to Dodge CyberBullets

By David Harley, February 2010

Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worstdressed French poodles, the 10 most embarrassing political speeches and so on. We revisited some of the ideas that our Research team at ESET, LLC came up with at the end of 2008 for a "top 10 things that people can do to protect themselves against malicious activity."

Conficker by the numbers

By Sebastian Bortnik, February 2010

This is a translation for ESET LLC of a document previously available in Spanish by ESET Latin America (see http://eset-la.com/centro-amenazas/2241-conficker-numeros).

The Internet Book of the Dead

By David Harley, January 2010

This paper is a bit different from other papers you'll find on the ESET white papers page. Following is a mock interview between Dan Damon, of BBC radio and David Harley discussing the complications of a digital world when someone passes away.

2010: Cybercrime Coming of Age

January 2010

The Research teams in ESET Latin America and ESET, LLC put their heads together in December 2009 to discuss the likely shape of things to come in the next 12 months in security and cybercrime.

Staying Safe on the Internet

By David Harley, September 2009

On the Information Superhighway, the traffic signals are always at amber. Here are some suggestions for reducing the risk from collisions and carjacks. Part One of a series of short papers.

Keeping Secrets: Good Password Practice

By David Harley and Randy Abrams, August 2009

Everyone knows that passwords are important, but what is a good password and how do you keep it safe?

Social Security Numbers: Identification is Not Authentication

By David Harley, August 2009

Americans are often expected to share their SSNs inappropriately: what are the security implications, and how serious are they?

Playing Dirty

By Cristian Borghello, August 2009

Describes in detail how criminals make money out of stealing online gaming credentials and assets.

Cybersecurity Review: Background, threatscape, best-practices and resources

By Jeff Debrosse

Cybersecurity is about protecting information and its related resources. This paper examines the different threats we face from cybercrime (the threatscape), real-world statistics to explain the scope and reach of cybercrime, and consumer and business best-practices — to protect both critical and non-critical information.

Free but Fake: Rogue Anti-malware

By Cristian Borghello, March 2009

Understanding and avoiding fake anti-malware programs that offer "protection" from malware that doesn't really exist.

Common Hoaxes and Chain Letters

By David Harley, May 2008

An ongoing series of papers that describe some of the commonly-found lies and half-truths that continue to circulate on the Internet, and discuss some ways of identifying them.

Net of the Living Dead: Bots, Botnets and Zombies

By David Harley and Andrew Lee, February 2008

Describes the botnet phenomenon in detail: its origins and history, current trends, and what you need to do about it.

The Spam-ish Inquisition

By David Harley and Andrew Lee, November 2007

A detailed overview of spam, scams and related nuisances, and some of the ways of dealing with them.

ESET Smart Security 4

By ESET Research Department, February 2009

A detailed overview of ESET's flagship security package by the team that brings you the ESET series of product-independent threat analyses.

A Pretty Kettle of Phish

By David Harley and Andrew Lee, July 2007

Understand and avoid the attentions of phishers and other Internet scammers.

Heuristic Analysis - Detecting Unknown Viruses

By David Harley and Andrew Lee, March 2007

A detailed analysis of the differences between traditional threat-specific detection and proactive detection by generic detection and behavior analysis.

The root of all evil? - Rootkits revealed

By David Harley and Andrew Lee, September 2006

This paper describes and de-mythologizes the rootkit problem, a serious but manageable threat.

The Passing Storm

By Pierre-Marc Bureau, David Harley, Andrew Lee, and Cristian Borghello, February 2009

The Storm botnet may have blown itself out, but its legacy remains. This paper places Storm in the context of botnets in general, examining its technical, social, and security implications.

Endpoint Security: Proactive Solutions for Networkwide Platforms

By Andrew J. Hanson, Brian E. Burke and Gerry Pintal

IDC # 216642

Beyond Signature-Based Antivirus: New Threat Vectors Drive Need for Proactive Antimalware Protection

By Brian E. Burke

adapted from Worldwide Antivirus 2006-2010 Forecast Update and 2005 Vendor Analysis. IDC #204715

Malware Detection Techniques

By Frost & Sullivan

Perception, Security and Worms in the Apple

By David Harley, Pierre-Marc Bureau, Andrew Lee, May 2010

The slide deck that accompanies the paper on Mac security presented by the authors at EICAR in May 2010.

Real Performance?

By Jan Vrabec and David Harley, May 2010

The slide deck that accompanies the paper on performance testing presented by the authors at EICAR in May 2010.

The Curious Art of Anti-Malware Testing

By David Harley, December 2009

A presentation on some of the problems with anti-malware testing and summarizing the mission and principles of the Anti-Malware Testing Standards Organization (AMTSO).

Presented to the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly the British Computer Society).

Malware, Marketing and Education: Soundbites or Sound Practice?

By David Harley and Randy Abrams , December 2009

This presentation accompanies the paper of the same name, which considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.

First presented at AVAR 2009 in Kyoto.

Is there a lawyer in the lab?

By Juraj Malcho, September 2009

This presentation by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.

Presented at the VB2009 conference in September 2009: the conference paper itself is available in "ESET Conference Papers" above, by kind permission of Virus Bulletin.

Comparative Review: Fast and Effective Endpoint Security for Business

By PassMark

February - June 2010 Comparative Tests

By Virus Bulletin

June - October 2008 Comparative Tests

By Virus Bulletin

ESET Smart Security Business Edition Comparative Testing

By West Coast Labs, September 2008

Retrospective/Proactive Test

By AV-Comparatives.org, May 2008

Anti-Virus Comparative Summary Report 2007

By Andreas Clementi

AV-Comparatives.org

Windows XP Product Comparative Tests

By Virus Bulletin, June 2006

2005-2006 Comparative Tests

By Virus Bulletin

2004-2005 Comparative Tests

By Virus Bulletin

Anti-Spyware Solutions Technology Report

By West Coast Labs, February 2006

Untangling the Wheat from the Chaff in Comparative Anti-Virus Reviews

By David Harley

This independent white paper provides a guide to spotting some common errors in the implementation of the anti-malware comparative tests, and was one of the documents referenced in the AMTSO "Fundamental Principles of Testing" document.

The Fundamental Principles of Testing is also available in Spanish courtesy of ESET Latin America

By ESET Latin America

Anti-Phishing Working Group

APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

Anti-Spyware Coalition

The ASC is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies. ESET is actively participating in these important discussions.

AVAR

The Association of Anti-Virus Asia Researchers is a not-for-profit group of security researchers centred in the Asia Pacific region, but also includes representatives of companies in the USA, Europe and so on, including ESET. AVAR also organizes one of the major anti-malware conference events of the year.

AVIEN

AVIEN (Anti-Virus Information Exchange Network) is the largest grassroots discussion network of independent anti-virus researchers in the world, representing many millions of end-users. Since 2008, the organization incorporates AVIEWS (Anti-Virus Information and Early Warning System), and the combined organization brings together Anti-Virus software vendors, corporate security professionals and independent researchers in a discussion and information sharing network of anti-malware professionals, providing early identification and warning of new malware.

Cisco® Network Admission Control (NAC)

Cisco Network Admission Control (NAC) leverages the network infrastructure to limit damage from viruses and worms. Using Cisco NAC, organizations can provide network access to endpoint devices, such as PCs, PDAs, and servers that fully comply with established security policy. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources.

EICAR

Originally the European Institute for Computer Antivirus Research, but now active in the wider security arena. Best known for the EICAR test file but also organizes a significant yearly conference.

Microsoft Virus Information Alliance (VIA)

ESET has joined forces with Microsoft and other anti-virus vendors to provide detailed information on significant viruses that affect Microsoft products. Microsoft's PSS Security Team will post updated information on this website regarding new and potentially damaging viruses that have been discovered in the wild.

Virus Bulletin

Home site for a monthly magazine which is a vital resource for anyone interested in anti-malware research, and the most important yearly conference dealing with this area of security.