KEYNOTE TALK AVerify: AN OPEN-SOURCE ANTI-VIRUS - Eicar

More documents

Recommendations

Info

Some difficulties of testing � Reverse-engineering: to be avoided? – Or just claim to have been very lucky ;) – Reading the fine print, tedious but required � Evaluation versions can be hard to find – Some AV companies make it easy, others not – Could be considered a single test in itself � Finding new threats is a challenge in itself Finding new threats is a challenge in itself – Even AV companies have trouble obtaining samples 2010-05-10 EICAR 2010
More difficulties of testing � Can the test environment be considered realistic? – Many malware detect VMware and other vm – Single tests may run for a few minutes, real users use their computer for hours � A better setup would require: – One physical machine per AV in parallel with identical hardware – “dummy” dummy” robots mimicking users – Knowing which malware are the most common – Gaining access to new samples near release time 2010-05-10 EICAR 2010
Page 1 and 2: AVerify Towards verifiable anti-vir
Page 3 and 4: A philosophical note � The bad gu
Page 5 and 6: (not my fault) 2010-05-10 EICAR 201
Page 7 and 8: Let’s search “antivirus reviews
Page 9 and 10: “Race Race To Zero” (2008) Chal
Page 11 and 12: The firewall “leak tests” � G
Page 13 and 14: � Low-level access EICAR 2009 200
Page 15 and 16: � Code injection: 2008 versions C
Page 17 and 18: The iAWACS 2009 Challenge � Goal:
Page 19 and 20: The iAWACS 2010 Challenge � Diffe
Page 21: The Guillermito case � 2001, Tega
Page 25 and 26: Does CC Certification make sense?
Page 27 and 28: AVerify � Inspired by the EICAR a
Page 29 and 30: Planned tests #1: HIPS features �
Page 31 and 32: Planned tests #3: real-world � Th
Page 33 and 34: An interesting attack � “KHOBE
Page 35 and 36: Scripting a virtual machine � Che
Page 37 and 38: On providing samples � Distributi
Page 39 and 40: The future of AVerify? � Lots of
Page 41: Q&A Thank you for your attention! 2

KEYNOTE TALK AVerify: AN OPEN-SOURCE ANTI-VIRUS - Eicar

Create successful ePaper yourself

Delete template?

Save as template?