Notes from EICAR

Hello folks. Jeff Williams, Tony Lee, Jigar Mody, and I have returned from the EICAR conference in Hamburg, Germany which, as a port city with a similar climate, reminded me of Seattle (but with more bratwurst). The event itself was well-organized and, at about 100 attendees, was a great size to enable networking in a close, comfortable environment. What is especially nice about this conference is that it attracts and encourages students and professors so there was a great mix of professionals and members of academia. Especially for the academics, in some cases, this is the only antimalware event they will attend so it was great to see and interact with some new faces.

 

Similarly, I found many of the sessions presented to be unique and interesting. For example, a paper entitled "TTAnalyze: A Tool for Analyzing Malware" by Ulrich Bayer of Ikarus Software and Christopher Kruegel and Engin Kirda of the Technical University of Vienna presented some neat techniques for investigating malware behavior in an automated fashion. This paper was recognized as the best academic paper by EICAR amongst a fairly competitive field. Also, while I'm slightly biased, I thought that Tony and Jigar's presentation on Behavioral Classification was excellent. The session was well attended and attracted some healthy discussion afterwards which continued ad-hoc through the remainder of the conference. With the permission of EICAR, we're pleased to be able to make Tony and Jigar's paper available from the Microsoft Download Center, so enjoy ! 

 

Another interesting thread of sessions and discussions was on testing of anti-spyware applications. Both Larry Bridwell from ICSA Labs and Josh Harriman from Symantec offered presentations on this topic. Unlike the antivirus product testing and certification space, which is reasonably established, antispyware testing is still in its infancy. The number of different custom evaluations being conducted currently is dizzying with almost all offering different criteria. Microsoft is actively working with other entities in the security industry on making a set of more deterministic and reproducible evaluations. Along this vein, Jeff and Eric Allred will be at the Antispyware Coalition (ASC) meeting in Ottawa May 15-16, along with representatives from most of the other security vendors. If you have input into antispyware testing standards, I highly recommend you attend this event and chat with Jeff and Eric .... or reply to this blog post.

 

Matt