Sophos security experts to present at EICAR conference in Hamburg

April 21, 2006 Sophos Press Release


Vanja Svajcer (left) and Samir Mody.

Sophos, a world leader in protecting businesses against viruses, spyware and spam, today announced that experts from SophosLabs™ will be presenting at the EICAR (European Institute for Computer Antivirus Research) conference in Hamburg, Germany, 29 April - 3 May 2006.

Jason Bruce, manager of detection development, Vanja Svajcer, principal virus researcher, and Samir Mody, senior virus researcher at SophosLabs™, will be giving separate talks at Europe's leading anti-virus conference.

Vanja Svajcer and Samir Mody's paper, "Unpacking: a hybrid approach", discusses how malware has moved away from the use of complex polymorphic engines to avoid detection and towards the use of packing utilities (such as compressors and archivers). The paper examines what anti-virus vendors such as Sophos are doing to combat the threat.

"Different approaches to unpacking have been attempted by vendors with the ultimate goal of achieving generic unpacking of the packed file. Emulation and tracing can be too inefficient and unreliable for inclusion in the anti-virus product, and including code for new packers into the anti-virus engine is efficient but may not be a rapid enough response," explained Svajcer. "In this paper we propose a hybrid solution based on reverse engineering the packer code to divulge the specific functions that need to be executed to reveal the host, and then implement those functions in a detection update using a proprietary packer description language."

Jason Bruce.

Jason Bruce's paper, "Spyware: a risk model for business", argues that risk models classifying adware, spyware and other potentially unwanted technologies may be appropriate for security products that target the consumer market, but are an unnecessary complication when determining which types of application are suitable for a business environment. The paper explains that risk models could ultimately restrict business-focused security vendors from offering their customers the protection they demand.

Sophos's integrated security solutions stop threats at both the gateway and the endpoint, providing organizations with reliable, manageable and effective protection against spyware, viruses, worms, Trojans, spam, phishing attacks and policy abuse.

Sophos's products have received 100% Checkmark certification from West Coast Labs for spyware detection.

The EICAR conference will take place on 29 April - 3 May 2006 at The Hotel Hafen Hamburg, Hamburg, Germany.

More information about the conference can be found on the EICAR website.