suggested reading

oops, a little on the late side, but not by too much...

• Chris Quirke's Blog: Should You Detect Old Malware?
  another perspective on old malware
• F-Secure Rescue CD 3.00 - F-Secure Weblog
  tools like this need to get more attention - outside the box analysis is the best way to deal with stealth and other malware defense mechanisms...
• Devil's Advocate Security - Malware Analysis and Response: A Quick Howto
  i dunno why, i just like to see more approachable examples of malware incident response like this... i could almost see more or less ordinary people learning a thing or two from this, unlike those policy document driven enterprise level procedures...
• Infectious Music, Malware-Style | TrendLabs | Malware Blog
  interesting - i'm not sure if i'd call it infection but the fact that the music still plays after the 'codec' is downloaded is a neat twist...
• Vulnerabilities in AV software - McAfee Avert Labs Blog
  looks like i'm not the only one who saw fud in that '800 vulnerabilities in av software' report... this entry doesn't take as hard a line as i did, but there was a much more indepth analysis...
• security religions (terminal23)
  this is actually an older post but i've been wanting to comment on how good it is because after reading it i'm finding a lot of things i see falling into one of the two 'security religions' described here... now if only it didn't make me want to let things slide when folks are seriously wrong/misguided...
• The End of Exponential Malware Growth? - McAfee Avert Labs Blog
  this is perhaps one of the best pieces of news i've heard in a long, long time... i'll take it with a grain of salt because it almost seems too good to be true but there seems to be indications that malware growth has plateaued... i hope that continues...
• Matasano Chargen » Internationalization of Malware
  finally an explanation of why internationalization of malware matters - and that is the contextual information found in the strings in the binary... i'm still a proponent of entirely functional definitions/classification, but at least now i know why other people are concerned with this issue...