White Papers

Malware and antivirus software

Download white papers

ESET conference papers (download)
"The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic" by David Harley
This paper follows up on "A Dose By Any Other Name", explaining why sample glut and proactive detection have sounded the death knell of the "one detection per variant" model. Presented at the 3rd Cybercrime Forensics Education & Training (CFET 2009) Conference in September 2009.
"Execution Context in Anti-Malware Testing" by David Harley
This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation. First published in EICAR 2009 Conference Proceedings.
"Understanding and Teaching Bots and Botnets" by Randy Abrams
Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and "recruit" them into virtual networks to use them for criminal purposes. First published in Virus Bulletin 2008 Conference Proceedings.*
"People Patching: Is User Education Of Any Use At All?" by Randy Abrams and David Harley
Presents the arguments for and against education as an antimalware tool, and how to add end users as an extra layer of protection in a defense-in-depth strategy. (AVAR Conference 2008)
"Who Will Test The Testers?" by David Harley and Andrew Lee
Making anti-malware testers and certifying authorities more accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing. First published in 2008 Virus Bulletin Conference Proceedings.*
"A Dose By Any Other Name" by David Harley and Pierre-Marc Bureau
Tries to answer questions like: why is there so much confusion about naming malware? Is 'Do you detect virus X?' the wrong question in today's threat landscape? First published in Virus Bulletin 2008 Conference Proceedings.*
"Understanding and Teaching Heuristics" by Randy Abrams
Understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry. (AVAR Conference 2007)
"Teach Your Children Well - ICT Security and the Younger Generation" by David Harley with Eddy Willems and Judith Harley
Research based on surveys in Belgium and the UK on teenage understanding of internet security issues. First published in 2005 Virus Bulletin Conference Proceedings.*
"Testing, testing: Anti-Malware Evaluation for the Enterprise" by David Harley and Andrew Lee
Looks at appropriate and inappropriate ways of testing anti-malware products. (AVAR Conference 2007)
"Phish Phodder: Is User Education Helping or Hindering" by David Harley and Andrew Lee
Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves? First published in 2007 Virus Bulletin Conference Proceedings.*
"From Fun to Profit" by Andrew Lee and Pierre-Marc Bureau
Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come. (Infosec Paris 2007)
"Microsoft anti-virus — extortion, expedience or the extinction of the AV industry?" by Randy Abrams
Looks at the changes in the corporate culture at Microsoft and the company's re-entry into the anti-malware market. Will it reduce diversity of choice, and will it leave users in any better shape than MSAV did in the 1990s? First published in Virus Bulletin Conference 2006 proceedings.*
ESET research reports (download)
"Never Mind Having Fun: Are We Safe Yet?" by David Harley (August 2009)
Review of "Is it safe? Protecting your computer, your business, and yourself online" by Michael Miller (Que). Originally published in Virus Bulletin, March 2009.*
"The Myth of Fingerprints" by David Harley (March 2009)
Published in Infosecurity magazine, Volume 6, Issue 2. Why the traditional naming conventions for malware no longer make sense. For purchase from Elsevier.
"Making sense of anti-malware comparative testing" by David Harley (March 2009)
In "Information Security Technical Report". For purchase from Elsevier. Addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation.
"Making sense of anti-malware comparative testing" by David Harley (March 2009)
A pre-print version of the above article in "Information Security Technical Report" is available on David's personal web site, with the permission of the publisher.
"Malware testing" by David Harley (November 2008)
Considers the early impact of AMTSO, the Anti-Malware Testing Standards Organization, on the testing industry.
"Yet Another Rustock Analysis..." by Lukasz Kwiatek and Stanislaw Litawa
A detailed analysis of the Rustock.C rootkit and some of its self-defensive measures. Originally published in Virus Bulletin, August 2008.*
"Macs and malware: What are the dangers?" by David Harley (July 2008)
Reviews some of the reasons why Macintosh computers in corporate environments need protection.
"The trouble with testing anti-malware" by David Harley (January 2008)
An overview of the problems that make most anti-malware tests so unreliable.
"Fixing the virus problem?" by Andrew Lee
Takes a realistic look at how far Vista can be expected to mitigate the user's exposure to malicious code. Originally published in Virus Bulletin, July 2006.*
"Phish Fingering" by David Harley
Review of "Phishing Exposed", Lance James's book for Syngress.
Originally published in Virus Bulletin, July 2006.*
"War of the Words" and "I spy" by David Harley
Reviews of Robert Slade's "Dictionary of Information Security" and "Combating Spyware in the Enterprise", by Baskin et al., both published by Syngress. Originally published in Virus Bulletin, September 2006.*
ESET white papers (download)
"Keeping Secrets: Good Password Practice" by David Harley and Randy Abrams (August 2009)
Everyone knows that passwords are important, but what is a good password and how do you keep it safe?
"Social Security Numbers: Identification is Not Authentication" by David Harley (August 2009)
Americans are often expected to share their SSNs inappropriately: what are the security implications, and how serious are they?
"Playing Dirty" by Cristian Borghello (August 2009)
Describes in detail how criminals make money out of stealing online gaming credentials and assets.
"Free but Fake: Rogue Anti-malware" by Cristian Borghello (March 2009)
Understanding and avoiding fake anti-malware programs that offer "protection" from malware that doesn't really exist.
"Common Hoaxes and Chain Letters" by David Harley (May 2008)
An ongoing series of papers that describe some of the commonly-found lies and half-truths that continue to circulate on the Internet, and discuss some ways of identifying them.
"Net of the Living Dead: Bots, Botnets and Zombies" by David Harley and Andrew Lee (February 2008)
Describes the botnet phenomenon in detail: its origins and history, current trends, and what you need to do about it.
"The Spam-ish Inquisition" by David Harley and Andrew Lee (November 2007)
A detailed overview of spam, scams and related nuisances, and some of the ways of dealing with them.
"ESET Smart Security 4" by ESET Research Department (February 2009)
A detailed overview of ESET's flagship security package by the team that brings you the ESET series of product-independent threat analyses.
"A Pretty Kettle of Phish" by David Harley and Andrew Lee (July 2007)
Understand and avoid the attentions of phishers and other Internet scammers.
"Heuristic Analysis - Detecting Unknown Viruses" by David Harley & Andrew Lee (March 2007)
A detailed analysis of the differences between traditional threat-specific detection and proactive detection by generic detection and behavior analysis.
"The root of all evil? - Rootkits revealed" by David Harley and Andrew Lee (September 2006)
This paper describes and de-mythologizes the rootkit problem, a serious but manageable threat.
"The Passing Storm" by Pierre-Marc Bureau, David Harley, Andrew Lee, and Cristian Borghello (February 2009)
The Storm botnet may have blown itself out, but its legacy remains. This paper places Storm in the context of botnets in general, examining its technical, social, and security implications.
Other white papers (download)
"Endpoint Security: Proactive Solutions for Networkwide Platforms" by Andrew J. Hanson, Brian E. Burke and Gerry Pintal, IDC #216642
"Beyond Signature-Based Antivirus: New Threat Vectors Drive Need for Proactive Antimalware Protection", adapted from Worldwide Antivirus 2006-2010 Forecast Update and 2005 Vendor Analysis by Brian E. Burke, IDC #204715
"Malware Detection Techniques" by Frost & Sullivan
"Cybersecurity Review: Background, threatscape, best-practices and resources," by Jeff Debrosse
Cybersecurity is about protecting information and its related resources. This paper examines the different threats we face from cybercrime (the threatscape), real-world statistics that explain the scope and reach of cybercrime, and consumer and business best practices for protecting both critical and non-critical information.
Independent tests (download)
ESET Smart Security vs. Trend Micro Worry‐Free Business Security
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
ESET Smart Security vs. Symantec Endpoint Protection
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
ESET Smart Security vs. Sophos Business Space Security
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
Retrospective/Proactive Test by AV-Comparatives
ESET Smart Security vs. Microsoft Forefront Client Security
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
ESET Smart Security vs. McAfee Total Protection for Endpoint
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
ESET Smart Security vs. Kaspersky Business Space Security
(Source: “Fast and Effective Endpoint Security for Business”; Comparative Analysis by PassMark Software; June 2010)
Virus Bulletin 2005-2006 Comparative Tests
Anti-malware testing and evaluation (download)
How do you tell good tests from not-so-good tests? ESET is very actively represented in the Anti-Malware Testing Standards Organization (AMTSO) which is dedicated to raising the standard of anti-malware testing across the board. One of the ways in which this is being done is by making available documentation that will help aspiring testers and their audiences to understand detection testing issues better.
"Untangling the Wheat from the Chaff in Comparative Anti-Virus Reviews" by David Harley
This independent white paper provides a guide to spotting some common errors in the implementation of the anti-malware comparative tests, and was one of the documents referenced in the AMTSO "Fundamental Principles of Testing" document.
"The Fundamental Principles of Testing" is also available in Spanish, courtesy of ESET Latin America.
The original English version of "Best Practices for Dynamic Testing" is available on the AMTSO site.
It is also available in Spanish by courtesy of ESET Latin America.
Other resources
Anti-Phishing Working Group
APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.
Anti-Spyware Coalition
The ASC is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies. ESET is actively participating in these important discussions.
AVAR
The Association of Anti-Virus Asia Researchers is a not-for-profit group of security researchers centred in the Asia Pacific region, but it also includes representatives of companies in the USA, Europe and elsewhere, including ESET. AVAR also organizes one of the major anti-malware conference events of the year.
AVIEN
AVIEN (Anti-Virus Information Exchange Network) is the largest grassroots discussion network of independent anti-virus researchers in the world, representing many millions of end-users. Since 2008 the organization has incorporated AVIEWS (Anti-Virus Information and Early Warning System), and the combined organization brings together anti-virus software vendors, corporate security professionals and independent researchers in a discussion and information-sharing network of anti-malware professionals, providing early identification and warning of new malware.
Cisco Network Admission Control (NAC)
Cisco Network Admission Control (NAC) leverages the network infrastructure to limit damage from viruses and worms. Using Cisco NAC, organizations can provide network access to endpoint devices, such as PCs, PDAs, and servers that fully comply with established security policy. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources.
EICAR
Originally the European Institute for Computer Antivirus Research, but now active in the wider security arena. Best known for the EICAR test file but also organizes a significant yearly conference.
Microsoft Virus Information Alliance (VIA)
ESET has joined forces with Microsoft and other anti-virus vendors to provide detailed information on significant viruses that affect Microsoft products. Microsoft's PSS Security Team will post updated information on this website regarding new and potentially damaging viruses that have been discovered in the wild.
Virus Bulletin
Home site for a monthly magazine which is a vital resource for anyone interested in anti-malware research, and the most important yearly conference dealing with this area of security.

Note: the latest figures are shown on the AV-Test and Virus Bulletin websites.

A summary of past test results can be viewed here (the site requires free registration). The full details of the individual tests, as reported in Virus Bulletin magazine, are available to subscribers only.

Past AV-Comparatives test reports can be downloaded from av-comparatives.org, together with the latest reports, the testing methodology and the FAQ.

* Copyright Virus Bulletin Ltd; made available on this site for free personal use and published with the permission of Virus Bulletin.