Traditional New Orleans jazz band entertained seminar participants

Street flooding caused by Hurricane Isidore

Sami Rautiainen gave a presentation about the Linux environment


Antivirus Researchers Fight against Viruses and Hurricanes

The antivirus research community is a very active one. The top researchers in this field never miss an opportunity to get together and chat. Neither hurricanes nor earthquakes can stop them. And that is not a figure of speech: this year’s Virus Bulletin conference in New Orleans proved that a small hurricane is no obstacle for an antivirus researcher.

The annual Virus Bulletin conference is one of the best opportunities to learn the latest about what is happening on the antivirus front, such as what is essential when dealing with today’s viruses, how viruses will work in the next version of Windows, and what new replication techniques we will face tomorrow. This is a must-attend event not only for people involved in antivirus research, but also for staff at large organizations who would like to ensure that viruses do not disrupt their businesses.

This year’s Virus Bulletin conference did not get off to a good start. Hurricane Isidore passed within a few miles of the conference site the night before the event began. Luckily, Isidore had lost much of its strength by the time it closed in on New Orleans and was officially classified as a tropical storm at that stage. However, this is still problematic for a city that lies mostly below sea level. The city limits are equipped with floodgates that are supposed to stop the Gulf of Mexico from entering. Huge pumps take care of the rainwater. The strong winds did not cause much damage, but the flooding did. Rainfall like this makes the streets look like rivers even in a well-prepared city like New Orleans. The hurricane made a mess of many conference attendees’ travel plans. People arrived late and some even had to cancel the trip.

But the conference was a success, despite these difficulties. 34 papers were presented, often resulting in lively discussions. F-Secure Corporation was well represented this year. Three papers written by F-Secure employees were accepted—the highest number ever from a single company. Sami Rautiainen’s paper “Hidden under the Hood – Linux Backdoors” explored ways to hide backdoor programs in the Linux operating system. Gergely Erdelyi analyzed disinfection methodology in “Cleaning up the Mess: Time to Redefine ‘Disinfection?’” Katrin Tocheva and Dr. Vesselin Bontchev went into details about several macro- and script-viruses in their paper entitled “Macro and Script Virus Polymorphism.” This paper was especially well received and appreciated by many of the conference delegates.

Many papers did touch upon the subject of rapidly spreading worms. This issue seems to be one of the most interesting research fields at the moment. It is constantly getting more difficult to keep up with the worms that spread around the globe in a day. This underlines the need for real-time updates like the system that F-Secure has been providing for years. Making fast and smooth updates is the most reliable way to stop the worms today. But several papers in this year’s conference presented an alternative approach. Worm-like activities can be detected by a computer attached to the public Internet or by a set of sensors in a corporate network. This system may be able to automatically detect a new worm and produce blocking instructions. A lot of research is, however, still needed before this technology is useful for a large number of customers. But this may be the way to go in the future. Pure network worms have the potential to spread much faster than the e-mail worms that are common today. A network of automatic sensors would be able to react quickly to this kind of attack once efficient detection algorithms were developed. Future network worms may actually be so fast that this approach will be required. This also underlines the fact that network security threats and viruses are melting together into one common threat scenario. As the fast worms rely on network security holes to spread, it is crucial for an antivirus product to have the ability to monitor and control network traffic as well.
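To make the sensor idea above concrete, here is an added illustration (not code from the conference papers or from F-Secure) of the simplest form of worm-like activity detection: a source that reaches an unusually large number of distinct destinations on one port within a short time window is flagged, and the alert is turned into a blocking instruction. The flow records, the window and threshold values, and the rule format are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp_seconds, src_ip, dst_ip, dst_port).
# 10.0.0.5 fans out to ten distinct hosts on port 445 within ten seconds (worm-like),
# 10.0.0.7 talks to two web servers (normal), and 10.0.0.9 contacts eight hosts on
# port 22 but spread over minutes, so it stays below the window threshold.
SAMPLE_FLOWS = (
    [(t, "10.0.0.5", f"10.0.1.{t + 1}", 445) for t in range(10)]
    + [(3, "10.0.0.7", "10.0.2.1", 80), (5, "10.0.0.7", "10.0.2.1", 80),
       (6, "10.0.0.7", "10.0.2.2", 80)]
    + [(20 * i, "10.0.0.9", f"10.0.3.{i + 1}", 22) for i in range(8)]
)


def detect_worm_like(flows, window=10, threshold=8):
    """Return {(src_ip, dst_port): peak_distinct_destinations} for every source that
    contacted at least `threshold` distinct destinations on one port inside any
    `window`-second sliding window. Repeat contacts to the same host do not count."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, port)].append((ts, dst))

    alerts = {}
    for key, events in by_key.items():
        events.sort()                      # sliding window needs time order
        start = 0
        seen = defaultdict(int)            # dst -> occurrences inside the window
        for ts, dst in events:
            seen[dst] += 1
            # Evict events that fell out of the window ending at `ts`.
            while events[start][0] < ts - window:
                old = events[start][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                start += 1
            if len(seen) >= threshold:
                alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts


def blocking_instructions(alerts):
    """Translate alerts into firewall-style rules (constructed rule syntax)."""
    return [f"block from {src} to any port {port}" for (src, port) in sorted(alerts)]


if __name__ == "__main__":
    found = detect_worm_like(SAMPLE_FLOWS)
    print(found)                           # {('10.0.0.5', 445): 10}
    print(blocking_instructions(found))
```

The point the papers raise still stands: a fixed fan-out threshold is easy to tune wrongly, so real sensors need better detection algorithms before the generated rules can be trusted enough to apply automatically.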

In summary, the conference was well-organized and the presentations were interesting and challenging. In the end, the hurricane did not have much impact on the events, thanks to a hardworking crew. The wrath of another mighty force, US customs, had a much more visible impact: after last year’s incidents in the USA, security measures had justifiably been raised to the highest levels. The conference proceedings were shipped by air cargo from the UK to New Orleans. Unfortunately, the shipment also contained two coffee cups to be used as pencil-holders at the registration desk. The customs officers immediately smelled something fishy: coffee cups with the word “virus” printed on them! That can’t be safe, so let’s quarantine them! They held up the whole shipment while their laboratory tried to replicate virus strains from the suspect cups. Needless to say, Virus Bulletin staff tried to convince them that this was about computer viruses, but to no avail.

Now back at the office, I have just received a package containing the Virus Bulletin 2002 conference proceedings and am looking forward to several nights of interesting reading.


Author: Mikael Albrecht, Product Manager
