Virus Bulletin Conference – Day 3

The third and last day of the VB 2011 Conference was as interesting as the other two, in both the corporate and technical tracks.

The technical track was dedicated to exploits, Java, packers, Flash analysis and others, all topics that are definitely interesting and useful for fellow security researchers.

The corporate track was, for me at least, much more entertaining.

We saw how fake antivirus programs “make” a living, a very interesting approach to educating users about cyber security, and a compressed history of the top vulnerabilities of 2011 from Microsoft’s view.

One very interesting presentation was about the possible threats of the year 2020. According to the authors of the paper, the security industry will move more and more from protecting the endpoint devices to protecting the backend and its associated services (cloud services).

Even though I found the presentation very interesting, I threw an idea to the audience just at the end of the Q&A session: what if we stop moving to the cloud and return to personal computing? Right now the trend is clear: more and more intelligence and data are moving from the devices we own into the clouds of various companies. What if in 5-7 years people find out that they lost their personal identity in the cloud, after years of pushing everything into their cloud, and want to get everything back? This would be a return to the roots of computing: solving problems – personal or business problems.

The conference ended with a panel discussion about tackling botnets. The experts participating in the discussion shared their opinions and experiences about the topic for about 45 minutes.

Toward its end, the discussion narrowed to the following question: who is responsible for fixing the botnet problem: the user (the owner of the computer which became a bot), the owners of the infection vectors (websites, producers of the vulnerable applications which get exploited) or the ISPs, which can control the access of the endpoints to the Internet?

The topic is so complex that many researchers will continue to discuss, for quite some time, the details and best practices of detecting and taking down botnets.

 

Sorin Mustaca

Data Security Expert