Author Topic: avast presentations at Virus Bulletin Conference  (Read 2001 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
avast presentations at Virus Bulletin Conference
« on: October 09, 2011, 03:45:59 AM »
Thriving business model around free security (sponsor presentation)

Milos Korenko Avast Software

A great man once said, 'A vision without action is just a dream. Action without vision just passes time. But a vision with action can change the world.' It will soon be 10 years since we decided to take the big, uncertain step to offer our flagship product for free. We had the vision that providing free security to half of the world would give us enough economy of scale to build a successful business around it.

Big steps are risky. During the 1st month, only 93 users downloaded our product. It took the next 30 months to reach the first million. But we persisted... and today we add 1 million more active users every two weeks to a business that is truly thriving.

http://www.virusbtn.com/conference/vb2011/abstracts/sponsor1.xml
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast presentations at Virus Bulletin Conference
« Reply #1 on: October 09, 2011, 03:50:30 AM »
X is not enough! Grab the PDF by the tail!

Jindrich Kubec AVAST Software
Jiri Sejtko AVAST Software

Everyone in the computer security world knows about the dangers that come with the vulnerabilities discovered in the file format that is widely used by the masses - PDF. In the last couple of years, we have seen many security holes found in the PDF format. And if we add an extremely liberal parser, a wealth of allowed encodings, and the power of the scripting engine we get an ideal channel for malware delivery.

Adobe, as a major provider of PDF viewers (about 83% of all users), has introduced the Reader X in recent months. Also the vendor's update policies for older versions have been improved significantly. However, this is not enough. We have found that about 55% of all users still run the vulnerable version which can easily be targeted by the bad guys. We have to grab the PDF by the tail!

We will not talk about the PDF itself, about its history or about a specific vulnerability - all of which has already been covered by many others. Instead, we will focus on the ways we deal with the detection of evil PDFs. We will describe our heuristic detection approach - classifications based on combining format-specific information with the information gathered from scripts. We will show powerful detections based on script weirdness - where almost everything abnormal might be penalized.

We will also focus on the QA processes that the bad guys use to defeat our detections. Real-life cases will be discussed.

http://www.virusbtn.com/conference/vb2011/abstracts/KubecSejtko.xml
The best things in life are free.