注册与下载——ESET 帮助文档

ESET 会议论文

By Ján Vrabec and David Harley
This paper objectively evaluates the most common performance testing models (as opposed to detection testing) used in anti-malware testing, highlighting potential pitfalls and presenting recommendations on how to test objectively and how to spot a potential bias.
First presented at .

By David Harley, Pierre-Marc Bureau and Andrew Lee
Apple's customer-base has rejoined the rest of the user community on the firing line. This paper will compare the view from Apple and the community as a whole with the view from the anti-virus labs of the actual threat landscape.
First presented at .

By David Harley
This 1997 paper reviews the shared history of viruses and the Mac, summarizes the 1997 threatscape, and considers possibilities and strategies for the future. It's been made available for historical interest because so many people asked about it at EICAR 2010.
First published in .*

By Craig Johnston and David Harley
This paper looks at the ethical, political and practical issues around the use of "policeware", when law enforcement and other legitimate agencies use "cybersurveillance" techniques based on software that resembles some forms of malware in its modus operandi.
First presented at .*

By David Harley and Randy Abrams
This paper considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.
First presented at .*

By Jeff Debrosse and David Harley
This paper considers steps towards a holistic approach to behaviour analysis, using both social and computer science to examine the behaviours by both criminals and victims that underpin malware dissemination.
First published in .*

By David Harley and Randy Abrams
This paper traces the evolution of email-borne chain letters, from crude virus hoaxes to guilt-tripping semi-hoaxes, and examines both their (generally underestimated) impact on enterprises and individuals, and possible mitigations.
First published in .*

By Juraj Malcho
This paper by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.
First published in .*

By David Harley
This paper follows up on "A Dose By Any Other Name", explaining why sample glut and proactive detection have sounded the death knell of the "one detection per variant" model.
Presented at the 3rd Cybercrime Forensics Education & Training () Conference in September 2009.

By David Harley
This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation.
First published in .

By Randy Abrams
Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and "recruit" them into virtual networks to use them for criminal purposes.
First published in Virus Bulletin 2008 Conference Proceedings.*

By Randy Abrams and David Harley
Presents the arguments for and against education as an antimalware tool, and how to add end users as an extra layer of protection in a defense-in-depth strategy.
AVAR Conference 2008

By David Harley and Andrew Lee
Making anti-malware testers and certifying authorities more accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing.
First published in 2008 Virus Bulletin Conference Proceedings.*

By David Harley and Pierre-Marc Bureau
Tries to answer questions like; why is there so much confusion about naming malware? Is 'Do you detect virus X?' the wrong question in today's threat landscape?
First published in Virus Bulletin 2008 Conference Proceedings.*

By Randy Abrams
Understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry.
AVAR Conference 2007

By David Harley with Eddy Willems, and Judith Harley
Research based on surveys in Belgium and the UK on teenage understanding of internet security issues.
First published in 2005 Virus Bulletin Conference Proceedings.*

By David Harley and Andrew Lee
Looks at appropriate and inappropriate ways of testing anti-malware products.
AVAR Conference 2007

By David Harley and Andrew Lee
Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves?
First published in 2007 Virus Bulletin Conference Proceedings.*

By Andrew Lee and Pierre-Marc Bureau
Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come.
Infosec Paris 2007

By Randy Abrams
Looks at the changes in the corporate culture at Microsoft and the company's re-entry into the anti-malware market. Will it reduce diversity of choice, and will it leave users in any better shape than MSAV did in the 1990s?
First published in Virus Bulletin Conference 2006 proceedings.*

ESET 研究论文

By David Harley, April 2010
A short presentation on Apple security for InfoSecurity Europe, based on a paper subsequently presented in more detail at EICAR 2010 and available .

By David Harley, April 2010
A Spotlight article about what AMTSO has achieved so far and what might lie ahead. Featured in January 2010's Virus Bulletin and hosted on the AMTSO web site.

By Juraj Malcho, March 2010
Article in CTO Edge that explains how social engineering is used to trick computer users into downloading malware.

By David Harley, March 2010
Article for Infosecurity Magazine that reviews both the tried-and-true and the latest methods that online criminals are using to steal information, and your money.

By David Harley, March 2010
An article in Global Security Mag that discusses the evolution of yesterday's virus hoaxes and other chain letters to social networking sites like Facebook and Twitter.

By David Harley, January 2010
Discusses the increasing dangers of incautious use of social networking in an age where the regulation and use of data by financial and other institutions has not kept pace with a changing online world.

By David Harley, August 2009
Review of "Is it safe? Protecting your computer, your business, and yourself online" by Michael Miller (Que).
Originally published in Virus Bulletin, March 2009.*

By David Harley, June 2009
Commissioned article on the CARO (Computer Antivirus Researchers Organization) and AMTSO (Anti-Malware Testing Standards Organization) workshops in Budapest in May.
Originally published in Virus Bulletin, June 2009.*

By David Harley, March 2009
Published in Infosecurity magazine, Volume 6, Issue 2. Why the traditional naming conventions for malware no longer make sense. For purchase from Elsevier.

By David Harley, March 2009
In "Information Security Technical Report". For purchase from Elsevier. Addresses the problems around anti-malware testing and evaluation, and describes the industry's initiatives for mitigation.

By David Harley, March 2009
A pre-print version of the above article in "Information Security Technical Report" is available on David's personal web site, with the permission of the publisher.

By David Harley, November 2008
Considers the early impact of AMTSO, the Anti-Malware Testing Standards Organization, on the testing industry.

By Lukasz Kwiatek and Stanislaw Litawa, August 2008
A detailed analysis of the Rustock.C rootkit and some of its self-defensive measures.
Originally published in Virus Bulletin, August 2008.*

By David Harley, July 2008
Reviews some of the reasons why Macintosh computers in corporate environments need protection.

By David Harley, January 2008
An overview of the problems that make most anti-malware tests so unreliable.

By Andrew Lee, July 2006
Takes a realistic look at how far Vista can be expected to mitigate the user's exposure to malicious code.

By David Harley, July 2006
Review of "Phishing Exposed", Lance James's book for Syngress.
Originally published in Virus Bulletin, July 2006.*

By David Harley, September 2006
Reviews of Robert Slade's "Dictionary of Information Security" and "Combating Spyware in the Enterprise", by Baskin et al., both published by Syngress.
Originally published in Virus Bulletin, September 2006.*

By David Harley, 1998 [sic]
A paper originally presented at the 1998 EICAR conference, but which is currently being cited by a number of other resources due to its still topical taxonomical content and observations on good password practice.

ESET 白皮书

By Cristian Borghello, translated by Chris Mandarano, added April 2010
A discussion of some of the ways in which attackers use psychological manipulation to trick their victims.

By David Harley, added April 2010
Some ways of avoiding easily guessable passwords.

By David Harley, February 2010
Around New Year it seems that everyone wants a top 10: the top 10 most stupid remarks made by celebrities, the 10 worstdressed French poodles, the 10 most embarrassing political speeches and so on. We revisited some of the ideas that our Research team at ESET, LLC came up with at the end of 2008 for a "top 10 things that people can do to protect themselves against malicious activity."

By Sebastián Bortnik, February 2010
This is a translation for ESET LLC of a document previously available in Spanish by ESET Latin America (see ).

By David Harley, January 2010
This paper is a bit different from other papers you'll find on the ESET white papers page. Following is a mock interview between Dan Damon, of BBC radio and David Harley discussing the complications of a digital world when someone passes away.

January 2010
The Research teams in ESET Latin America and ESET, LLC put their heads together in December 2009 to discuss the likely shape of things to come in the next 12 months in security and cybercrime.

By David Harley, September 2009
On the Information Superhighway, the traffic signals are always at amber. Here are some suggestions for reducing the risk from collisions and carjacks. Part One of a series of short papers.

By David Harley and Randy Abrams, August 2009
Everyone knows that passwords are important, but what is a good password and how do you keep it safe?

By David Harley, August 2009
Americans are often expected to share their SSNs inappropriately: what are the security implications, and how serious are they?

By Cristian Borghello, August 2009
Describes in detail how criminals make money out of stealing online gaming credentials and assets.

By Jeff Debrosse
Cybersecurity is about protecting information and its related resources. This paper examines the different threats we face from cybercrime (the threatscape), real-world statistics to explain the scope and reach of cybercrime, and consumer and business best-practices — to protect both critical and non-critical information.

By Cristian Borghello, March 2009
Understanding and avoiding fake anti-malware programs that offer "protection" from malware that doesn't really exist.

By David Harley, May 2008
An ongoing series of papers that describe some of the commonly-found lies and half-truths that continue to circulate on the Internet, and discuss some ways of identifying them.

By David Harley and Andrew Lee, February 2008
Describes the botnet phenomenon in detail: its origins and history, current trends, and what you need to do about it.

By David Harley and Andrew Lee, November 2007
A detailed overview of spam, scams and related nuisances, and some of the ways of dealing with them.

By ESET Research Department, February 2009
A detailed overview of ESET's flagship security package by the team that brings you the ESET series of product-independent threat analyses.

By David Harley and Andrew Lee, July 2007
Understand and avoid the attentions of phishers and other Internet scammers.

By David Harley and Andrew Lee, March 2007
A detailed analysis of the differences between traditional threat-specific detection and proactive detection by generic detection and behavior analysis.

By David Harley and Andrew Lee, September 2006
This paper describes and de-mythologizes the rootkit problem, a serious but manageable threat.

By Pierre-Marc Bureau, David Harley, Andrew Lee, and Cristian Borghello, February 2009
The Storm botnet may have blown itself out, but its legacy remains. This paper places Storm in the context of botnets in general, examining its technical, social, and security implications.

其他白皮书

By Andrew J. Hanson, Brian E. Burke and Gerry Pintal
IDC # 216642

By Brian E. Burke
adapted from Worldwide Antivirus 2006-2010 Forecast Update and 2005 Vendor Analysis. IDC #204715

By Frost & Sullivan

ESET 专题报告

By David Harley, Pierre-Marc Bureau, Andrew Lee, May 2010
The slide deck that accompanies the on Mac security presented by the authors at EICAR in May 2010.

By Ján Vrabec and David Harley, May 2010
The slide deck that accompanies the on performance testing presented by the authors at EICAR in May 2010.

By David Harley, December 2009
A presentation on some of the problems with anti-malware testing and summarizing the mission and principles of the Anti-Malware Testing Standards Organization (AMTSO).
Presented to the Special Interest Group in Software Testing of the BCS Chartered Institute for IT (formerly the British Computer Society).

By David Harley and Randy Abrams , December 2009
This presentation accompanies the paper of the same name, which considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.
First presented at in Kyoto.

By Juraj Malcho, September 2009
This presentation by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.
Presented at the in September 2009: the conference paper itself is available in "ESET Conference Papers" above, by kind permission of Virus Bulletin.

独立测试

By Virus Bulletin

By West Coast Labs, September 2008

By AV-Comparatives.org, May 2008

By Andreas Clementi
AV-Comparatives.org

By Virus Bulletin, June 2006

By Virus Bulletin

By Virus Bulletin

By West Coast Labs, February 2006

反恶意软件测试与评估

你如何判断一个测试有效与否?ESET是的积极响应者, 该组织致力于不断提高反恶意软件测试水平,目前已在进行中的方法是通过编写相应来帮助测试人员及用户更好的理解测试细。

By David Harley
This independent white paper provides a guide to spotting some common errors in the implementation of the anti-malware comparative tests, and was one of the documents referenced in the AMTSO document.

By ESET Latin America

其他资源

APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

The ASC is a group dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies. Composed of anti-spyware software companies, academics, and consumer groups, the ASC seeks to bring together a diverse array of perspectives on the problem of controlling spyware and other potentially unwanted technologies. ESET is actively participating in these important discussions.

The Association of Anti-Virus Asia Researchers is a not-for-profit group of security researchers centred in the Asia Pacific region, but also includes representatives of companies in the USA, Europe and so on, including ESET. AVAR also organizes one of the major anti-malware conference events of the year.

AVIEN (Anti-Virus Information Exchange Network) is the largest grassroots discussion network of independent anti-virus researchers in the world, representing many millions of end-users. Since 2008, the organization incorporates AVIEWS (Anti-Virus Information and Early Warning System), and the combined organization brings together Anti-Virus software vendors, corporate security professionals and independent researchers in a discussion and information sharing network of anti-malware professionals, providing early identification and warning of new malware.

Cisco Network Admission Control (NAC) leverages the network infrastructure to limit damage from viruses and worms. Using Cisco NAC, organizations can provide network access to endpoint devices, such as PCs, PDAs, and servers that fully comply with established security policy. Cisco NAC allows noncompliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources.

Originally the European Institute for Computer Antivirus Research, but now active in the wider security arena. Best known for the but also organizes a significant yearly conference.

ESET has joined forces with Microsoft and other anti-virus vendors to provide detailed information on significant viruses that affect Microsoft products. Microsoft's PSS Security Team will post updated information on this website regarding new and potentially damaging viruses that have been discovered in the wild.

Home site for a monthly magazine which is a vital resource for anyone interested in anti-malware research, and the most important yearly conference dealing with this area of security.

注意:最新Av-Test数据请查阅网站

过去的杀软行业测试数据总结请查找—要求免费注册后查阅。VB 杂志登出的某些独立测试详细信息仅供已订阅者查询使用。

过去的AV-Comparative 测试报告存档于,随测试报告,测试方法,faq等更新而更新。

* 版权所有:Virus Bulletin Ltd,但所附信息已经由Virus Bulletin授权通过,可供个人免费使用。