A Postcard from Pete at CARO

[Image]

Pete (AU lab) would prefer to imbibe without inconvenience so has requested the following blog to be posted on his behalf:

“Over the past two days several SophosLabs analysts have attended the 3rd International CARO Workshop in Budapest, where the topic is vulnerabilities, in particular how they relate to the anti-virus industry.

Several excellent presentations discussed various issues dealing with discovery, disclosure, mitigation and customer experience, overall showing that the problem is not so easy to solve when the malware authors are not bound by the same rules that govern commercial software release cycles.

Vulnerabilities in various prevalent datafile parsers such as Microsoft Word, Excel and PowerPoint, Adobe PDF and Flash as well as analysis tools for the PE executable file format show the problem is not going to go away and large software houses must step up in order to alleviate the growing problem.

Following the conference will be the AMTSO meeting to discuss uniform testing of AV products as a whole (including runtime behaviour) on which I’m sure Stuart will blog.

For now, it’s back to the pub to discuss the issue at length over many an excellent local ale and “Palinka” – a local tasty spirit.”


  • The image, modified slightly, is from the official CARO 2009 website as mentioned above by Pete.