Table of Contents
Previous Section Next Section

Further Reading

This short section lists a few sites you can use to stay up to date on computer virus and security information. Because virus writers and other malicious hackers are continuously inventing new attacks, you must continuously educate yourself about new trends.

Information on Security and Early Warnings

  • Read information about new computer viruses, malicious code, adware, and spyware attacks at Symantec Security Response, located at http://securityresponse.symantec.com.

  • Read Security Focus at http://www.securityfocus.com. You will find much useful and up-to-date information on security and daily practice. You can also access the valuable BugTraq mailing list at this location to stay current with platform and product vulnerabilities and related information.

  • Read the Internet security information posted on CERT at http://www.cert.org.

  • Visit the SANS Institute's Reading Room regularly at http://www.sans.org/rr.

  • Read the NTBUGTRAQ archives at http://www.ntbugtraq.com. You can also subscribe to the mailing list at this location.

  • Consider joining AVIEWS, organized by AVIEN, to get more information about computer viruses and protect your organization better from such attacks. You can find their site at http://www.aviews.net.

Security Updates

Keep yourself and your computer up to date! Look for information about Microsoft product updates at the following places:

Computer Worm Outbreak Statistics

You can read more on the spread of computer worms here:

  • CAIDA offers worm outbreak information, such as the spread of the Slammer and Witty worms, at http://www.caida.org/analysis/security. You will also find analysis based on the use of "network telescopes."

Computer Virus Research Papers

Contact Information for Antivirus Vendors

Table 16.1 lists contact information for antivirus vendors in alphabetical order.

Table 16.1. Common Certified Antivirus Software Vendors

Vendor

Web Site

ALWIL Software

http://www.avast.com

Authentium ("Command Software")

http://www.authentium.com

Cat Computer Services

http://www.quickheal.com

Computer Associates

http://www.ca.com/etrust

Cybersoft

http://www.cyber.com

DialogueScience

http://www.dials.ru

ESET Software

http://www.nod32.com

F-Secure ("Data Fellows")

http://www.f-secure.com

Freedom Internet Security

http://www.freedom.net

Frisk Software

http://www.f-prot.com

GFI MailSecurity

http://www.gfi.com/mailsecurity

GeCAD (Acquired by Microsoft Corporation)

http://www.ravantivirus.com

Grisoft

http://www.grisoft.com

H+BEDV Datentechnik

http://www.antivir.de

HAURI

http://www.hauri.co.kr

Hacksoft

http://www.hacksoft.com.pe

Hiwire Computer & Security

http://www.hiwire.com.sg/antivirus/index.htm

Ikarus

http://www.ikarus.at

Kaspersky Labs

http://www.kaspersky.com

Leprechaun Software

http://www.leprechaun.com.au

MKS

http://www.mks.com.pl

MessageLabs

http://www.messagelabs.com

MicroWorld Software

http://www.microworldtechnologies.com

Network Associates

http://www.nai.com

Norman Data Defense Systems

http://www.norman.com/no

Panda Software

http://www.pandasoftware.com

Per Systems

http://www.perantivirus.com

Portcullis Computer Security

http://www.portcullis-security.com

Proland Software

http://www.pspl.com

Reflex Magnetics

http://www.reflex-magnetics.co.uk

Safetynet

http://www.safe.net

Software Appliance Company

http://www.softappco.com

Softwin

http://www.bitdefender.com

Sophos

http://www.sophos.com

Stiller Research

http://www.stiller.com

Sybari Software

http://www.sybari.ws

Symantec Corporation

http://www.symantec.com

Trend Micro Incorporated

http://www.trendmicro.com

VirusBuster Ltd.

http://www.virusbuster.hu/en


Antivirus Testers and Related Sites

In this section, I present information about antivirus tests and related sites. Please note that each of these independent sites uses a very different test methodology.

  • Virus Bulletin's site is at http://www.virusbtn.com. Here you can read AV comparisons, find information about VB 100%-certified products, and get independent antivirus advice. You can find the most recent version of the VGrep tool on this site as well. There is also an archive of past issues with the best computer virus analyses available. You also can purchase a subscription to the magazine, which is currently A3195 for one year.

  • The most recent independent antivirus tests of the University of Hamburg's Virus Test Center (VTC) are at http://agn-www.informatik.uni-hamburg.de/vtc. The VTC is led by Prof. Dr. Klaus Brunnstein.

  • AV-Test.org also produces independent antivirus tests, a project of the University of Magdeburg in cooperation with AV-Test GmbH of Andreas Marx. You can find this site at http://www.av-test.org.

  • ICSA Labs, a division of TruSecure Corporation, also performs Anti-Virus Certifications and issues ICSA Labs Certifications. You can find their home page at http://www.icsalabs.org/html/communities/antivirus.

  • Although EICAR (European Institute for Computer Antivirus Research) does not perform tests directly, it provides the eicar.com file for antivirus testing. This file contains code that is encoded in a large string so it can be cut and pasted to a file to test your antivirus software's ability to detect a virus without using an actual virus for the task. This file is detected by most antivirus programs under names similar to EICAR_Test_File. Unfortunately, the original EICAR test file was abused by virus writers because the first specification of the test file did not present formalized criteria of what needed to be detected exactly and what should not. Therefore, some viruses, such as batch and script malware, included the string in themselves to mislead users into thinking that the file containing the virus was harmless. The exact specifications of the EICAR test file have been updated recently, and antivirus product developers are advised to follow the detection according to the new specifications at http://www.eicar.org/anti_virus_test_file.htm.

  • SC Magazine also performs security product evaluations via West Coast Labs' Checkmark Certification. You can find their site at http://westcoastlabs.org.

  • The WildList Organization International has produced the Wildlist of Computer Viruses every month since 1993, based on reports collected worldwide. The Wildlist is used by several antivirus certifications. You can find the Wildlist at http://www.wildlist.org.

  • The Virus Research Unit of the University of Tampere in Finland has been inactive for some time. However, it is expected to resume performing antivirus tests, led by Dr. Marko Helenius. You can find its site at http://www.uta.fi/laitokset/virus.

  • Another new antivirus certification program has been implemented by Dr. Leitold Ferenc in Hungary, located at http://www.checkvir.com.

  • Andreas Clementi is also implementing a new certification program, which is available for products that use their own engine only.

    Table of Contents
    Previous Section Next Section