MoMusings

Thursday 11th May, 2006


EICAR 2006 Review

Filed under: All, Malware, Papers, Exploits, Scams, Tools

As previously mentioned on this blog I had a paper selected for the EICAR 2006 conference which was held at the Hotel Hafen in Hamburg, Germany between the 30th of April and the 3rd of May.

The hotel was quite interesting, made up of the ‘Classic’ part [left side of the picture with the hotel name on it]; which was the sailor’s mission [home] from 1864 until 1979, and the new ‘Residenz’ modern section [on the right side, includes the modern tower and you can just see part of the Ellipses]. The conference was held in the modern part of the hotel for the first two days, and then moved to the ‘Classic’, old part of the hotel for the final day.

This posting is a quick review of the conference and as promised a link to the full paper which I wrote for, and presented at, the conference:

Day 1 - Sunday 30th April:

The start of the day was used by many of the Working Groups and Task Forces that EICAR has. The conference ‘proper’ was kicked off by Sarah Gordon who gave her keynote speech. Sarah covered some interesting areas such as sociology, ethics and her being seen as a heretic when she originally published some of her research and ideas some years ago. These have now [for the main part] become considered as part of the mainstream. At the end of her keynote, Sarah challenged those in the room to dare to be the next heretic!

This was followed by a panel session about ‘groups’ in both the anti-malware and malware scenes.

After a break, I decided to stay in one of the two streams, this one being held in Ellipse I. The session room was smaller, but the number of people attending them meant that a number had to stand as there was not enough seating. The ones that I found most interesting were:

  • Mystery Meat: Where does spam come from, and why does it matter? - Presented by Christopher Lueg.
  • Spam Zombies from Outer Space. - Presented by John Aycock and Nathan Friess

Both of these caused a flurry of questions and the lively debate raged on after the sessions.

The end of day 1 was rounded off by the ‘Meet the Experts’ session which was a chance for many of us to chat more and discuss what we had seen or heard so far, catch up with old friends, make new friends and contacts and generally chew-the-cud in a geeky/nerdy sort of way.

Day 2 - Monday 1st May:

The first sessions of the day that I attended were held in Ellipse II and were all on Spyware; from very different perspectives. I was the second slot of the four to be given during the first half of the morning.

  • Spyware: A risk model for business - Presented by Vanja Svajcer
  • Spyware: Risks, Issues and Prevention - Presented by Martin Overton
  • The Trials and Tribulations of Testing Spyware Solutions: Towards a Testing Methodology - Presented by Larry Bridwell
  • A Testing Methodology for Anti-Spyware Product’s Removal Effectiveness - Presented by Josh Harriman

The next set of presentations which I found interesting were these:

  • Behavioral Classification - Tony Lee
  • TTAnalyze: A Tool for Analyzing Malware - Presented by Ulrich Bayer, Engin Kirda, Christopher Kruegel
  • Enlisting the End-User - Education as a Defense Strategy - Presented by Jeannette Jarvis
  • Pharming: a real threat? - Presented by David Sancho
  • Evolution from a Honeypot to a distributed honey net - Presented by Oliver Auerbach

The end of day 2 was rounded off by the Gala Dinner; good food and wine were supplied. The after dinner entertainment was supplied by a somewhat manic magician who spoke very fast and almost only in German which left about half to two-thirds of those assembled trying to work out the jokes, punchlines and the general patter that went along with the rather good magic.

Day 3 - Tuesday 2nd May:

On the last day of the main conference we moved from a two stream format to a single stream held in a conference room in the ‘Classic’ part of the hotel. This layout was significantly better than the first two days where it was somewhat cramped and there were no tables, only rows of chairs.

The day started off with another keynote, this time it was given by Professor Klaus Brunnstein. Although it was a very interesting talk he overran by almost half an hour which put the rest of the day's schedule off. Here are the presentations that I found most interesting during the morning sessions:

  • Inherent Technical Risks will lead Information and Knowledge Societies into a risk Society - Presented by Prof. Klaus Brunnstein
  • Future Trends in the realm of malware - Presented by Guillaume Lovett
  • Windows Rootkits - Presented by Mika Stahlberg

The rootkit one I found particularly interesting as I’m currently writing a paper for the Virus Bulletin conference on this very subject. Thanks go to Mika for helping me by writing and presenting his paper [and sending me his slides too] as this will help me no end in writing mine [with due credit of course].

The afternoon also proved to be eventful as several of the sessions planned had to be removed due to speakers not turning up to present. This meant that the schedule went from being half an hour late to almost an hour early. So, the panel session was moved forward to take up the slack. As usual with panel sessions this proved to be quite animated, especially when David Perry of TREND is part of the panel ;-) .

I didn’t stay for the last day [3rd of May] as it was a day just for Task Force meetings.

All in all, this was a very good EICAR conference, in fact it was the best attended ever with almost 100 attendees! I’m already looking forward to next year’s.

Just in case you didn’t spot the link to my paper, here it is again: Spyware: Risks, Issues and Prevention ;-)


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
