<body><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d33547542\x26blogName\x3dNotes+%26+Thoughts\x26publishMode\x3dPUBLISH_MODE_BLOGSPOT\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttps://jonpoon.blogspot.com/search\x26blogLocale\x3den_US\x26v\x3d2\x26homepageUrl\x3dhttp://jonpoon.blogspot.com/\x26vt\x3d3412814716534773350', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>

Sunday, May 04, 2008

Back from Amsterdam

I was in Amsterdam for two events: the AMTSO meeting and the CARO workshop on Packers, Decryptors and Obfuscators.

First, the AMTSO meeting. It was a follow-up to the discussions made in the last few AV industry conferences and gatherings, and the Pro-Term management committee did a lot of work to get the discussions flowing.

What's the AMTSO you ask? The Anti-Malware Testing Standards Organization, or AMTSO, is dedicated to helping improve the objectivity, quality and relevance of anti-malware technology testing.

Open discussions were the main goal of the day, on various subjects ranging on the technical details to the practicality of some of the recommendations that came out of these discussions.

The fact that there were professional testers, publishers and legal representatives gave better and instant feedback to some of the issues that were brought up, instead of delaying them to offline discussions later.

I look forward to the next AMTSO meeting, and the eventual adherence to its recommendations to improve the overall quality of testing of the antimalware products.

The CARO workshop was a great gathering of the experts that are doing the unpacking, the decrypting and the de-obfuscating of files on a day to day basis sharing their insights and lessons learnt from their work.

Kurt Natvig from Norman started off with an opening that made it really hard to follow-up on. Most of the presenters gamely took on that challenge though! Even I was able to understand the challenges and the work required for future research. Fellow attendee from McAfee also agreed on that point.

The program was organized very tightly and had papers that related and continued on the prior papers' work in a very logical manner. This helped to facilitate lots of discussions during the various coffee-break sessions and the dinner sessions.

A few themes were constantly present through the two events. The need to do good for the sake of the computing community being always in the minds and hearts of the folks that attended the events. Everyone was in a position that can and will make product improvements that will impact large groups of IT users.

To facilitate that need, this group of experts are sharing their knowledge and their experience with one another. Do keep in mind that the attendees are working in competing companies, but yet, they share most of their insight to help one another.

To make full use of these kind of gatherings, the attendees practically need to wave their goodbyes to something known as sleep. Discussions continued through the late night, accompanied by the industry number one energy drink: beer. I even got a few action items that i need to work on when i'm back at work.

The CARO workshop and the hosting of the AMTSO were organized by Righard Zwienenberg, from Norman ASA. Thanks to his great work, amidst a personal monumental event, and slight sickness, both events went on fine. Thanks Righard!