Thanks to everyone @ VBUG Birmingham last night for making me so welcome. I was greeted with lots of Halloooween pumpkins - one of which was carved with a semi-colon in it rather than a face - a C# joke apparently!
I delved into how Malware gets onto machines, how it works and how to avoid it. I also talked @ length about how to write secure code and advocated reading Michael Howard & David LeBlanc's excellent book Writing Secure Code (2nd edition).
Another interesting book is 19 Deadly Sins.
To read more about the Security Development Lifecycle (SDL) browse here.
I demonstrated a number of techniques for manual investigation of suspicious software including Mark Russinovich's excellent resources @ SysInternals. Mark has an interesting blog @ Sysinternals - there's an article that nicely summarizes RootKits here
Thanks again to Mark for allowing me to re-use his presentation from TechEd 2005.
As several of the attendees mentioned in the blog posts (including this one here) my overriding message was DON'T LET DODGY (Malware infested) software ON YOUR MACHINE(s) IN THE FIRST PLACE!!!! Use least privilege, treat all input as EVIL until proven otherwise, don't accept executables from unknown sources, believe everyone IS out to get you/your data/reputation.
The feedback comments were interesting too:
"Very interesting, packed with information - a lot to take in"
"Feeling rather insecure now.. very very scary"
"Very interesting, not sure I want to do any more surfing... will read the security book"
"Very good, but lost me a bit"
"Excellent, have given me lots of pointers to investigate further, wish it could have been longer"
"Excellent transport of knowledge"
"Excellent - very thought provoking - should have more of these, 3 a year"
"Excellent Very interesting"
"This was one area I knew nothing about - given chat was interesting and more importantly understandable"
"Very good session, excellent job, lots of great info"
IF YOU'D LIKE ME TO SPEAK @ YOUR DEV / IT PRO Gathering please add a comment / email me and I'll come along OR webcast to you if I can.