25 years with or within the Antivirus and Security Industry
Last week (9 December 2014) it was exactly 25 years ago one of my former managers gave me a diskette which appeared to be having the AIDS information trojan. At that time I was one of the first in the world to get a detection for it and who could reverse the situation from a trojanised machine back to healthy one. It changed my life completely. 2 years later I was one of the founders of EICAR. After that my whole life was dedicated to malware and security and I finally became what I always wanted to be: a Security Evangelist, actually a Cybersecurity Expert with deep knowledge of security and excellent skills to communicate technical stuff to non-technical people. If you want to refresh your memory about the AIDS Trojan you can watch my first TV interview (Dutch – VTM) from 9 December 1989 and find out that I changed a little bit.
I love what I’m doing. It’s my life and I’m one of the few which are not doing it only for the money. During those 25 years I’ve met a lot of interesting, brilliant minded and enthusiast people. The AV industry itself is also quite special and I still like to work with or inside this industry even after 30 years IT experience (not counting my university and school years). However some people involved are not always what they pretend to be and just do their job. It’s just a job for them.
It’s not a job for me, it’s much more, It’s my life.
And take it from me, there is a big difference if you’re driven by a mentality or principle to help the general public, companies and organizations in the continuous battle against cybercrime today.
I am ready for the next 25 years .. well that’s maybe a little bit exagerated. ;-)
PS: If you find less blogs from me these days over here just visit the blog page of G DATA or follow my Twitterfeed @EddyWillems or watch the media in your country.
CeBIT 2011 and G Data
CeBIT starts on March 1st in Hannover, showcasing the latest developments in the IT industry. G Data is using the largest IT trade show in the world this year to launch the next generation of security for businesses and home users. G Data presents this year’s trade fair highlight: Generation 11 of its network solutions, equipped with a powerful backup module in all Enterprise versions. Also being revealed is G Data MobileSecurity, a security solution for Android phones. Mobile phone owners will thus be able to effectively secure their mobiles against malware. Another first that will be announced in Hannover is G Data CloudSecurity. This free browser plug-in blocks infected websites,making surfing the internet more secure. Besides presenting these innovations, the provider from Bochum, Germany is also offering a comprehensive programme in the G Data Arena, Hall 11, Booth D35.
I personally will take part in the Global Conferences during a panel session about the importance of security which is detailed below. It’s an interesting line up of experienced speakers, CEO’s or VP’s which will be sitting next to me. I will be available for interviews and chats the whole week (minus Saturday) at our booth. By the way I like my new title: Global Security Officer. ;-)
New interesting moves from AMTSO during the last meeting in Munich, Germany
This is a copy from the original posting at the G Data Security Blog.
G Data is one of the members of AMTSO (www.amtso.org), an organisation currently comprised of 37 members, representing testers, vendors, academics and publishers involved in anti-malware research. Last week I was at the last AMTSO members’ meeting which was held in Munich. As always, a lot of work was done during the workshops.
First of all, some guidelines about testing for false positives (FP) were adopted. The False Positive issue is a common problem and the security industry dedicates a lot of resources to ensuring the highest quality and to reduce False Positives heavily. We welcome the new joint guidelines related to testing of false positives and we are hoping that in the light provided by these new guidelines, the FPs from all security products will be much more fairly assessed. The new documents can be found at www.amtso.org/documents.html.
New website and the start of my world tour
You possibly already found out by now that I refurbished my personal website otherwise you weren’t reading this.
I really hope you like the new look of this site which took us several weeks to come up with. It was really necessary after a long period of silence I think.
With this new look I’m also starting my world tour where I sometimes will attend some conferences and sometimes will speak at these events.
Just finished with our G Data’s press tour in the Benelux I’m ready for the next events:
- BruCon Conference: Brussels, Belgium (attending)
- Virus Bulletin Conference: Vancouver, Canada (speaking together with Righard Zwienenberg(Norman) about internal attacks and problems in the cloud)
- Infosecurity NL: Utrecht, The Netherlands (attending)
- AAVAR Conference: Bali (speaking together with David Harley(Eset) and Lysa Myers(Westcoast Labs) about product evaluation and malware simulation)
- G Data Japan Press Tour: Tokyo (speaking)
And this is just the beginning … more trips are planned even during the writing of this piece.
One trip could be very interesting but it’s still undecided if I will participate …. but stay tuned as I could meet some VIPS of the world. ;-)
Could the DLL-hijacking problem be underestimated?
This is a small copy of the official G Data Blog
Find the full and official version at www.gdatasoftware.com
Last week, HD Moore released details about a serious DLL problem under Windows. HD Moore is known as developer of the Metasploit application.
After a week, Microsoft released more information, discussing bad practices in DLL loading that could lead to remote exploitation, which is the main source of this problem. They have recently released tools which can help mitigating the risk. But the real and possibly best solution is for developers to patch their applications to follow best practices.
There is little that can be done by those of us in the security community, or Microsoft for that matter, as many applications are designed to take advantage of this flaw and it could take many weeks or months for application developers to release better designed programs and encourage users to update to these new versions. Some of the programs will be updated automatically, some of them won’t. The patches Microsoft is offering do work, but it could make several programs unusable and prevent them from backward compatibility.
The Microsoft LNK / USB worm / rootkit ‘issue’ will kill WIN XP SP2 and WIN2000 earlier…
Just recently, reports were released about a new kind of malware propagating through removable drives. The said malware exploits a newly-discovered vulnerability in shortcut files, which allows random code to be executed on the user’s system. Microsoft has officially acknowledged the vulnerability and released a security advisory.
The malware some of the AV industry detects as Win32/Stuxnet, unfortunately, is a worm (and rootkit) of a slightly different colour. It can propagate making use of a 0-day vulnerability described here and also listed by CVE as CVE-2010-2568.
The biggest problem is that Windows (specifically, the Windows Shell) can be tricked into executing malicious code presented in a specially-crafted shortcut (.LNK) file linking, in turn, to a malicious DLL (Dynamic Link Library).
The problem is in the way that Windows Shell fails to parse the shortcut correctly when it loads the icon, it isn’t necessary to click the icon for the malicious code to be executed! The code will be executed without any action on the part of the user once that folder is opened to access whatever legitimate files are on the device.
G Data SecurityLabs expands team with Security Evangelist Eddy Willems
The English and French version of the press release …
G Data SecurityLabs expands team with Security Evangelist Eddy Willems
Bochum, 19. February 2010
G Data today announces they have a new team member: Security Evangelist Eddy Willems. He will divide his time between the G Data SecurityLabs in Bochum (Germany) and the Benelux team.
The Belgian Willems has been active in the field of IT security for over two decades. In that period, he has worked for influential institutes, such as EICAR, of which he is a co-founder and the director of press and information, several CERT associations, and the organization behind the Wildlist as well as for commercial companies, such as NOXS and Kaspersky Labs Benelux.
In his position of Security Evangelist at G Data, Eddy Willems will form the link between technical complexity and the user. He is responsible for a clear communication of G Data’s SecurityLabs towards the security community, press, distributors, resellers and end users. This means, amongst other things, organizing trainings about products, malware and security, speaking at conferences and consulting associations and companies about security.