Last-minute presentations:

14:00 - 14:20 VB testing - present status, future plans, John Hawes, Virus Bulletin
14:20 - 14:40 Race to zero with online scanners, Boris Lau, Sophos


14:00 - 14:20 VB testing - present status, future plans, John Hawes, Virus Bulletin

VB's unique VB100 comparative review system has been around for 10 years, and has seen few changes in its core design since its 1998 inception. Over the last few years, VB has introduced a range of additions to the data produced in each test, including significant redesigns of the speed tests and 'zoo' collections.

Now, for the first time in 10 years, VB plans to introduce a major new addition to these tests. The new test is based around a system of weekly test sets which cover the three weeks immediately prior to product freezing as well as one week after. The test is designed to measure the ability of AV labs to keep up with the 'flood' of new malware and, through the element of retrospective testing, to introduce measurements of heuristic and generic detection abilities. We hope it will show some interesting trends over time.

This presentation will focus on the latest addition to the testing line-up. We'll look at how and why these changes have been designed and implemented, and some of the problems involved, and will also cover further plans for expansion and improvement in the future.

14:20 - 14:40 Race to zero with online scanners, Boris Lau, Sophos

DEFCON 2008 proposes to challenge AV vendors by modifying malware samples to avoid detection by anti-virus scanners (http://www.racetozero.net/). However, we have already been observing these activities in the wild as malware authors attempt to systematically break detection with various online scanners using existing AV detection.

Observing malware authors using their tricks gives us a unique opportunity to understand their working processes. Analysing this information allows the AV industry to stay ahead in the fight against malware.

At SophosLabs we have a database of samples submitted to the labs, which provides statistics that enable us to correlate samples from various sources and establish a picture of the workflow of malware authors. In this presentation I will use recent case studies based on data taken from our database to show the efforts malware authors put into evading detection.

