19th EICAR Annual Conference

“ICT Security: Quo Vadis?”

May 10th and May 11th 2010
with a pre-conference program on
May 8th and 9th
at the
ESIEA Engineer School/Institute of Computer Science
in Paris, France

The 19th Annual EICAR Conference to be held on May 10th and May 11th 2010, with a pre-conference program on May 8th and 9th at the ESIEA Engineer School/Institute of Computer Science in Paris, France.

The conference brings together experts from industry, government, military, law enforcement, academia, research and end-users to examine and discuss new research and development in anti-virus, malware, e-security, e-forensics, Information and Communications Technology (ICT) Management and legal aspects of the information technology.

While the EICAR conference traditionally covers all aspects of malicious code and the development of "anti" measures, the conference 2010 intends to go deeper also concentrate into the usability and issues related to independent testing of Anti-Virus (Malware) products and initiate reflexions on the worrying trends and evolution of ICT security and especially with respect to anti-malware world.

The AV world -- and more widely the computer security world-- is facing since a few years big challenges. BUT contrary to partially wrong feelings those challenges are not only coming from the bad guys: usually all those ugly actors who think to be intelligent or having some sort of power by distributing malware everywhere. While all the instances (the defenders, e.g. AV vendors, governments, researchers, IT experts...) involved in fighting those stupid and malevolent guys (the attackers), the motivations has begun to diverge substantially since a few months, in such a way that it not only becomes more difficult to make the difference between defenders and attackers but also finally the result is that finally the activity of the attackers is made easier: here precisely lie the new challenges that the EICAR 2010 conference has decided to address. Hence the main theme of the event: “ICT Security – Quo Vadis?” I would be tempting to use an equivalent formula: is the AV world and the ICT world going mad? Two illustrative but worrying recent issues are militating in favour of considering this general conference theme.

The first one refers to AV evaluation – which will be addressed at EICAR 2010 as a one of the major topics. The situation is somehow worsening making that evaluation, from an independent, technical perspective more and more difficult not only from a technical point of view but also from a legal point of view. To realise how things are evolving, anyone can read AV software licence document (the one which nobody reads in fact): you will discover very strange and worrying things. Aside the classical academic and industry papers which will be presented, the two-day preconference program will propose tutorials, student/industry sessions around the topic of AV software and AV policy evaluation. Especially, we intend to offer and promote new tools and tutorials with respect to them that everyone could use to evaluate his own AV security and policy himself. It will be the occasion to recall that the only independent way to test an AV without using any malware – a critical issue in itself – was, and still is, the EICAR test file. We will propose, especially for the industry, a tutorial on that file and on new open forthcoming tools that will be disclosed and presented during EICAR 2010. Those tools are directly inspired by the EICAR test file but go far ahead to address the new challenges and needs. So it should be a good reason to attend the conference.

The second case is the very worrying evolution of the use of malware for so-called “investigation” and “copyright protection” purposes. A number of western countries have officially announced that malware-like technologies (e.g. Trojan horses for the most part) are now authorized to enforce the law. More worrying is the use for commercial purposes (e.g. to fight piracy). The question is: is the remedy not worse that the disease? Such issues should be addressed at the EICAR 2010 conference. BUT the main consequence of that evolution lies in the way the AV community will react and what it will decide: if AV vendors accept not to detect those malware-like technologies they are going to lose their credibility and legitimacy very quickly, making precisely the game of the bad guys. Why? Because they implicitly would accept the fact that there are such things as good and bad Trojan Horses. What is quite impossible to manage from a technical point of view, would be a nightmare from a legal/society/privacy point of view. In fact, they are just about to open the Pandora box? That is the reason why we have decided at EICAR 2010 to also address these kinds of topics. The ICT world has now invaded our society and personal lives and we cannot remain blind to its evolution.

To summarize, the rapid evolution of technologies requires the adaptation of human behaviour and in consequence leads to new needs for laws and regulations of direct relevance to the users. The EICAR conference 2010 will therefore concentrate on legal aspects and user liability.

This call for scientific/technical/ industry papers invites therefore the submission of full papers and abstracts on one or more topics devoted to malware and anti-malware technologies, which may include but are not restricted to: