Sarah Gordon, Richard Ford
Virus Bulletin Conference. Vancouver, British Columbia.
September 1999
Current trends towards anti-malware software, designed to provide protection from network-aware Trojans, viruses and various forms of malicious active content are bringing the mainstream anti-virus world closer to the more general information security world. At the same time, as information security researchers and professionals begin to investigate the various types of threats posed by active content, we are observing a significant increase in the overlap in areas of influence and interest. While this cross-pollination provides an exciting new source for ideas and innovation, it also poses some novel challenges in terms of differences in mindsets and skill sets. For various reasons, researchers may not be aware of some of these differences. One of the most critical differences, and one that must be rationalized for a successful integration of the two worlds, concerns Information Sharing. In this paper, issues related to diametrically opposed positions regarding information sharing are examined; the reasons why each of these positions has evolved are discussed. Dangers of ignoring the current conflicts are considered, and proposed research that would facilitate the assimilation of the two current paradigms possible is provided. As the worlds of "anti-virus" and "computer security" collide, finding a way for the two groups to work together effectively is paramount if both are to work together toward the common goal of protecting the user.