ESET Threat Blog

The slides from an AMTSO-oriented presentation by Larry Bridwell and myself at this year's Virus Bulletin conference, on "'Daze of whine and neuroses (but testing is FINE)" are now available on the Virus Bulletin site are now available here (along with some other excellent presentations).
The paper on which the presentation is based is on the ESET white papers page, … Read More…

With the publication last year of Aryeh Goretsky's paper “Twenty years before the mouse,” a personal perspective on  the history of viruses and malware so far, I took the opportunity to try something a little different for this blog by announcing it here in an article in an interview format.  
Since people seemed to like it, we … Read More…

I may have mentioned from time to time that ESET is a strong supporter of AMTSO (the Anti-Malware Testing Standards Organization), an international organization that promotes improved methodologies for testing security products.
Last week we held an AMTSO workshop in Prague. While there was some hard discussion around some topics that I'll come back to in … Read More…

EICAR (formerly known as the European Institute for Computer Anti-virus Research, though that title hasn't been used for a good while) is best known for its yearly conference and for the EICAR test file, which can be used as an installation check with most anti-virus programs to check that it's installed and active.
Sadly, I've been … Read More…

Congratulations to our friends at Virus Bulletin for yet another great conference (the 20th) in Vancouver this week. Congratulations also to our own Pierre-Marc Bureau, voted the best newcomer to the AV business at the conference.
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up … Read More…

[This is a joint statement made by a number of anti-malware researchers from a number of security companies, and has been more or less simultaneously published on several vendor sites.]
AMTSO (the Anti-Malware Testing Standards Organization) is a coalition of security professionals, including many antivirus product vendors, product testing organizations and publishers, and some interested individuals.
Given … Read More…

Further to my "top ten of top tens" post, I was encouraged by some queries to revisit the “Top Ten Mistakes Made When Evaluating Anti-Malware Software” list quoted by Kevin Townsend here.
As it was an AMTSO issue and most of the queries have related to an AMTSO blog post, I've returned to it (and slightly … Read More…

Well, not exactly, though actually a top ten of top tens isn't a bad idea: apparently, top tens usually attract plenty of readers.  As do top fives. twenties etc, though probably not top thirteens.
Security Memes a Lot to Me
Still, there is a touch of recursion to this post. I got a notification from the Security … Read More…

Kevin Townsend posted a rather interesting article on his blog asking whether AMTSO (the Anti-Malware Testing Standards Organization) is "a serious attempt to clean up anti-malware testing; or just a great big con?"
I posted a lengthy response on the AMTSO blog here: while it was a personal response rather than an official statement on behalf … Read More…

Jan Vrabec, my colleague in the Bratislava office, has some thoughts to get off his chest about AV vendors and  misleading results from internal test results, so I'm letting him borrow my soapbox. All yours, Jan…
Lately, we have witnessed a new trend pushed by the marketing departments of several antivirus vendors: in-house product testing. Of … Read More…