Last-minute presentations:

14:00 - 14:20 VB testing - present status, future plans John Hawes, Virus Bulletin
14:20 - 14:40 Race to zero with online scanners Boris Lau, Sophos

  download slides (PDF)

14:00 - 14:20 VB testing - present status, future plans, John Hawes, Virus Bulletin

VB's unique VB100 comparative review system has been around for 10 years, and has seen few changes in its core design since its 1998 inception. Over the last few years, VB has introduced a range of additions to the data produced in each test, including significant redesigns of the speed tests and 'zoo' collections.

Now, for the first time in 10 years, VB plans to introduce a major new addition to these tests. The new test is based around a system of weekly test sets which cover the three weeks immediately prior to product freezing as well as one week after. The test is designed to measure the ability of AV labs to keep up with the 'flood' of new malware, as well as introducing measurements of heuristic and generic detection abilities, through the element of retrospective testing. We hope it will show some interesting trends over time.

This presentation will focus on the latest addition to the testing line-up. We'll look at how and why these changes have been designed and implemented, and some of the problems involved, and will also cover further plans for expansion and improvement in the future.

14:20 - 14:40 Race to zero with online scanners, Boris Lau, Sophos

DEFCON 2008 proposes to challenge AV vendors by modifying malware samples to avoid detection by anti-virus scanners ( However, we have already been observing these activities in the wild as malware authors attempt to systematically break detection with various online scanners using existing AV detection.

Observing malware authors using their tricks gives us a unique opportunity to understand their working processes. Analysing this information allows the AV industry to stay ahead in the fight against malware.

At SophosLabs we have a database of samples submitted to the labs which provide statistics that enable us to correlate samples from various sources and establish a picture of the workflow of malware authors. In this presentation I will use recent case studies based on data taken from our database to show the efforts malware authors put into evading detection.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.