Hello folks. Jeff Williams, Tony Lee, Jigar Mody, and I have returned from the EICAR conference in
Similarly, I found many of the sessions presented to be unique and interesting. For example, a paper entitled “TTAnalyze: A Tool for Analyzing Malware” by Ulrich Bayer of Ikarus Software and Christopher Kruegel and Engin Kirda of the Technical University of Vienna presented some neat techniques for investigating malware behavior in an automated fashion. This paper was recognized as the best academic paper by EICAR amongst a fairly competitive field. Also, while I’m slightly biased, I thought that Tony and Jigar’s presentation on Behavioral Classification was excellent. The session was well attended and attracted some healthy discussion afterwards, which continued ad hoc through the remainder of the conference. With the permission of EICAR, we’re pleased to be able to make Tony and Jigar’s paper available from the Microsoft Download Center, so enjoy!
Another interesting thread of sessions and discussions was on testing of anti-spyware applications. Both Larry Bridwell from ICSA Labs and Josh Harriman from Symantec offered presentations on this topic. Unlike the antivirus product testing and certification space, which is reasonably established, antispyware testing is still in its infancy. The number of different custom evaluations being conducted currently is dizzying, with almost all offering different criteria. Microsoft is actively working with other entities in the security industry on making a set of more deterministic and reproducible evaluations. In this vein, Jeff and