This short section lists a few sites you can use to stay up to date on computer virus and security information. Because virus writers and other malicious hackers are continuously inventing new attacks, you must continuously educate yourself about new trends.
Information on Security and Early Warnings
Read information about new computer viruses, malicious code, adware, and spyware attacks at Symantec Security Response, located at http://securityresponse.symantec.com.
Read Security Focus at http://www.securityfocus.com. You will find much useful and up-to-date information on security and daily practice. You can also access the valuable BugTraq mailing list at this location to stay current with platform and product vulnerabilities and related information.
Read the Internet security information posted on CERT at http://www.cert.org.
Visit the SANS Institute's Reading Room regularly at http://www.sans.org/rr.
Read the NTBUGTRAQ archives at http://www.ntbugtraq.com. You can also subscribe to the mailing list at this location.
Consider joining AVIEWS, organized by AVIEN, to get more information about computer viruses and protect your organization better from such attacks. You can find their site at http://www.aviews.net.
Keep yourself and your computer up to date! Look for information about Microsoft product updates at the following places:
Computer Worm Outbreak Statistics
You can read more on the spread of computer worms here:
CAIDA offers worm outbreak information, such as the spread of the Slammer and Witty worms, at http://www.caida.org/analysis/security. You will also find analysis based on the use of "network telescopes."
Computer Virus Research Papers
Contact Information for Antivirus Vendors
Table 16.1 lists contact information for antivirus vendors in alphabetical order.
Antivirus Testers and Related Sites
In this section, I present information about antivirus tests and related sites. Please note that each of these independent sites uses a very different test methodology.
Virus Bulletin's site is at http://www.virusbtn.com. Here you can read AV comparisons, find information about VB 100%-certified products, and get independent antivirus advice. You can find the most recent version of the VGrep tool on this site as well. There is also an archive of past issues with the best computer virus analyses available. You also can purchase a subscription to the magazine, which is currently A3195 for one year.
The most recent independent antivirus tests of the University of Hamburg's Virus Test Center (VTC) are at http://agn-www.informatik.uni-hamburg.de/vtc. The VTC is led by Prof. Dr. Klaus Brunnstein.
AV-Test.org also produces independent antivirus tests, a project of the University of Magdeburg in cooperation with AV-Test GmbH of Andreas Marx. You can find this site at http://www.av-test.org.
ICSA Labs, a division of TruSecure Corporation, also performs Anti-Virus Certifications and issues ICSA Labs Certifications. You can find their home page at http://www.icsalabs.org/html/communities/antivirus.
Although EICAR (European Institute for Computer Antivirus Research) does not perform tests directly, it provides the eicar.com file for antivirus testing. This file contains code that is encoded in a large string so it can be cut and pasted to a file to test your antivirus software's ability to detect a virus without using an actual virus for the task. This file is detected by most antivirus programs under names similar to EICAR_Test_File. Unfortunately, the original EICAR test file was abused by virus writers because the first specification of the test file did not present formalized criteria of what needed to be detected exactly and what should not. Therefore, some viruses, such as batch and script malware, included the string in themselves to mislead users into thinking that the file containing the virus was harmless. The exact specifications of the EICAR test file have been updated recently, and antivirus product developers are advised to follow the detection according to the new specifications at http://www.eicar.org/anti_virus_test_file.htm.
SC Magazine also performs security product evaluations via West Coast Labs' Checkmark Certification. You can find their site at http://westcoastlabs.org.
The WildList Organization International has produced the Wildlist of Computer Viruses every month since 1993, based on reports collected worldwide. The Wildlist is used by several antivirus certifications. You can find the Wildlist at http://www.wildlist.org.
The Virus Research Unit of the University of Tampere in Finland has been inactive for some time. However, it is expected to resume performing antivirus tests, led by Dr. Marko Helenius. You can find its site at http://www.uta.fi/laitokset/virus.
Another new antivirus certification program has been implemented by Dr. Leitold Ferenc in Hungary, located at http://www.checkvir.com.
Andreas Clementi is also implementing a new certification program, which is available for products that use their own engine only.