Posted by Virus Bulletin on Jun 21, 2013
We speak to VB2013 presenters Lysa Myers and David Harley about their research interests and what they aim to bring to the conference.
The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.
In the build-up to the event we will be running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.
To kick things off, we spoke to David Harley (ESET) and Lysa Myers (Intego) who will speak at VB2013 on the subject of anti-malware product testing on the Mac platform.
Tell us a little bit about yourself - your job and your responsibilities.
"I am, in fact, thoroughly irresponsible, as befits a Senior Research Fellow (hey, not so much of the senior!). My role at ESET is consultative, though in fact most of what I do is writing blogs and papers, editorial stuff, and occasionally talking to the press.
"I'm in the privileged position of being allowed quite a lot of latitude in what and where I write. My favourite hobby horses tend to be product testing, Macs, hoaxes, social engineering, user education, anything around the psychosocial end of the spectrum. Fortunately, I get to work with people who are much better at the hands-on stuff than I am, and they keep me fairly up-to-date with the techie stuff, while I get to exercise my editorial red pencil."
"Like David's, my job includes a lot of writing about different areas of security (plus Apple-y goodness) that I find interesting. My primary focus is on educating regular users, as most material out there is still meant for folks that are fairly technical. My goal is to explain things in a way that my parents can understand, while also not boring them to death. You don't have to understand how a car works to be able to drive it safely - nor should you have to understand what makes a computer go, in order to use it safely."
Can you give us a brief outline of what you will be speaking about at VB2013?
"In some ways, the Mac threatscape hasn't changed much since I was supporting Macs in the 1990s. Mac users are still in denial (though less aggressively so since Flashback) when it comes to security, and indeed the number of Mac threats is still relatively tiny. Testing, on the other hand, has made a great deal of progress - but Mac product testing hasn't made nearly as much progress. In fact, Apple's building limited signature detection into the OS has tended to force testers back to an old-school static-testing approach that isn't very different from the testing I did in the 1990s. Our aims are:
"I think we can all agree that Macs do indeed 'get viruses'. And we probably all know that anti-malware product testing is a very controversial subject. It's no less so on operating systems that lack the massive numbers of malware found on Windows. The problems of testing products on other operating systems are simply different, and because this is a fairly new area of research for most of us, there are a lot of details we have yet to hammer out. Apple is known for having a fairly strict approach to installing outside code, which hasn't completely deterred malware writers, but it does make for a very different playing field when it comes to the usual approach to testing. We'll discuss what makes OS X in particular so tricky for testers, and what we might be able to do to keep tests both relevant and fair."
Why is your presentation particularly relevant to the security community?
"OS X has been a real area of interest to malware writers lately, and there are a lot of people that are starting to have the need for information about the Mac malware landscape. Likewise, as there has been growing doubt about the effectiveness of anti-malware products, third party tests have been increasingly important in making security purchasing decisions."
"The presentation gives me the chance to combine two of my favourite obsessions: Macs and product testing. In fact, it's a partial return to the topic of a paper I presented at VB'96, which included a consideration of the range of Mac-specific anti-malware technology, albeit without the testing dimension. However, working on it with Lysa, whose experience with both testing and Mac AV is much more recent and much more intensive than mine, means that we can extend the discussion over a much broader spectrum of experience and topicality."
What can delegates learn from your presentation?
"Whether you're working for an anti-malware vendor, a consumer of anti-malware products or a tester, there should be useful information to you. Many researchers have so much on their hands with Windows malware they don't get much time to hear about what's going on in Mac-land - we'll provide a good overview of the Mac malware landscape and the native OS X protection. Many testers are in the process of beginning or improving their Mac testing regime, and this presentation by two folks that are experts in both Mac malware and testing should give food for thought about how to shape a test methodology.
"Consumers can use information in this presentation to learn what would constitute a good test of OS X products, to decide both which tests and which products to rely on."
"How to co-author with somebody younger and smarter so that they make it look as if you know what you're doing."
What other presentations are you looking forward to?
"There's lots to look forward to, as always, but I'll be particularly interested in testing-related presentations such as 'The Real Time Threat List' by AMTSO board members and 'A meta-analysis of recent malware tests' by Richard Ford and Liam Mayron of Florida Tech.
"Methusela Cebrian Ferrer's 'Infection vector: cyberspace junk, waste, and zombies' also sounds intriguing and maybe a little reminiscent of a paper I wrote on The Internet Book of the Dead. I'll also be listening in on some of the presentations about Android."
"Not surprisingly, I'm interested in the same ones as David mentions: 'The Real Time Threat List', 'A meta-analysis of recent malware tests', and 'Infection vector: cyberspace junk, waste, and zombies'. Plus a presentation by two esteemed former coworkers of mine: 'Real-world testing, the good, the bad, and the ugly'."
How many VB conferences have you been to?
"My first VB was eight years ago, and I've been to most of the rest since then."
"This will be my 14th VB conference - and my 14th VB conference paper!"
Have you visited Berlin before? Have you any recommendations for places to visit/things to do whilst in town?
"I've visited Berlin a couple of times (both for EICAR conferences). In fact, my first visit was also my first trip abroad with the lady who is now my wife, though she saw much more of the place than I did.
"Not everyone is comfortable visiting zoos, but Berlin's is very good. Head for Unter Den Linden for some fabulous coffee and cake eateries. The Gedächtniskirche, the Brandenburg Gate and the Holocaust Memorial are must-sees. There are some nice woody walks in the Tiergarten and pay a visit to Goldelse, the lady at the top of the Victory Column, who always makes me think of Wings of Desire."
"This will be my third visit to Berlin. My first trip was very brief, and my second trip was very jet-lagged!"
"I also really enjoyed Berlin zoo, because while I may look like a grown-up, I'm still a six-year-old at heart :)
"Since I'm the first generation of my family not to have lived in Germany for at least a few years, I grew up eating a lot of German food and hearing German spoken around me. I'm looking forward to doing both for the first time in ages!"
What else are you looking forward to at VB2013?
"The networking, of course: as I get older and less inclined to globetrot, VB is the best chance I get to catch up with the friends I've acquired over nearly 25 years in the business. There is a good chance that some of that networking will take place in the bar... With my state pension beckoning next year, this may be my last VB, so I intend to take full advantage of the social opportunities."
"My favourite part of VB will always be catching up with colleagues (in the bar, naturally), but it's always fun to meet new people and get new information!"
David Harley and Lysa Myers will present 'Mac hacking: the way to better testing?' at 14:00 on Thursday 3 October.
The full programme for VB2013, including abstracts for each paper, can be viewed here.
Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.
VB2013 takes place 2-4 October 2013 in Berlin, Germany - online registration is now open - we'd love to see you there!
Posted on 21 June 2013 by Helen Martin