May 19, 2003, 9:07 AM — New problems with malware, advantages and side effects of network forensics tools and, above all, two important projects to improve European communication practices and structures on information security were the core topics of the European Institute for Computer Antivirus Research (EICAR) conference in Copenhagen, Denmark last week. About ninety international information security specialists attended the conference, listened to high-level presentations and discussed important issues of network and application security.
One of the results of the conference was the sense that programming antivirus tools to the needs of the users has become more and more troublesome for today's vendors. One reason for this is the existence of network surveillance and examination tools, which are used and sometimes even commercially sold as administration tools, but at the same time spread illegally as hackers' devices.
Antivirus software can't simply stop and delete those tools, even if they are commonly found in the shape of Trojan horses. "We have similar problems with spyware," explained Jakub Kaminski, Virus Research Manager at Computer Associates Australia. "In some cases software of this kind is used for legal collection of data." Because of these problems, antivirus software can no longer be distributed or updated with signature lists that are ready to use for everyone. Administrators will have to spend more time configuring antivirus programs to the needs of their own organization.
Businesses and noncommercial institutions desperately need better organized and more comprehensive information on vulnerability issues to be able to survive hacker attacks and other threats. This topic was discussed by some of the presenters and also by EICAR officials. EICAR currently runs two projects to improve security information in Europe: CAMDIER (Cyber Attack Methods Detection & Information Exploitation) and CASES (Cyberworld Awareness and Security Enhancement Structure). EICAR tries to associate both projects with official E.U. projects.
According to Professor Urs Gattiker PhD, Scientific Director of EICAR, CAMDIER brings together people from various disciplines, organizations and countries within the E.U. to develop a framework for the classification and categorizing of various types of attacks.
One of the basic objectives is to develop a unified naming convention for malicious code and attacks. This topic was the subject of lively debate at the conference, because some of the antivirus vendors are not completely convinced that they should give up the existing naming methods, which result in names that don't describe a virus in detail but are instead easy to remember.