AMTSO, CARO and EICAR - conferences and events - an overview


The past two weeks were dedicated to three traditionally important security industry events of the year. It started with an AMTSO Meeting, then the CARO Workshop followed and it ended with the EICAR Conference. G Data participated in all of them!

G Data is one of the members of AMTSO (, an organization currently comprised of around 40 members, representing testers, vendors, academics and publishers involved in anti-malware research. Eddy Willems, G Data Security Evangelist, was at the last AMTSO members’ meeting which was held in Prague. As always, a lot of work was done during the workshops: The document "AMTSO Guidelines on Facilitating Testability” was initiated at the suggestion of testers and developed jointly by testers and vendors. The new paper is the latest in a succession of guidelines and best practice documents already published. The AMTSO members also agreed to expand the range of documentation the organization produces to include more educational material. They also introduced changes to the voting procedure to ensure that documents cannot be approved by the members unless a majority of testers agree that the content is up to standard. This step mentioned last is designed to avoid any possibility of bias in favor of any group within the organization.

At the same location, in the beautiful city of Prague, the CARO 2011 Workshop, the annual event of the Computer Anti-virus Researcher's Organization, was held. CARO is an informal group of specialists that has been dissecting computer malware for nearly two decades. Every year, CARO members meet for a security workshop sponsored by a different antivirus developer. This year, G Data’s technology partner Avast was taking care of this. The workshop itself covered the topic “Hardening the net” and consisted of high level technical presentations and discussions on current security issues (CARO 2011 program). It included topics such as URL shortening, detection of malicious PDF files and shell code analysis. The interesting thing to note is that this workshop is quite informal, dedicated to the security industry and gives a lot of technical information. However, the event is not open for the press.

After this event part of the people left Prague and took a plane or trains to attend the EICAR 2011 Conference, which took place at the Krems University, a lovely place in Austria situated at the Danube. For 20 years, EICAR has had an independent and proactive activity in the field of computer malware and security and is well known for the EICAR test file, which you can find on their website You can use the file to safely find out if your anti-virus software suite is working, without the need to use real malware. The year 2011 marks the 20th year of EICAR existence. This year’s conference was dominated by the buzzword ‘Cyber War’(EICAR conference program). What constitutes and attack? Are nations going to declare ‘Cyber War’ against another nation? Where are the boundaries of the battlefield? What are ‘Cyber Weapons’ and who is supposed to handle them following what kind of regulations? Currently, there are no regulations or treaties regulating a war with cyber means. There is not even an agreed definition on ‘Cyber War’. EICAR tried to bring up this discussion as it is more than important for all of us.

This topic was also brought up during the panel discussion moderated by the chairman of EICAR, Rainer Fahs, and panel members, including Ralf Benzmueller of G Data, Morton Swimmer of TrendMicro, Eric Filiol of ESIEA and Boris Sharov of Dr. Web. A nice mixture of academic (peer reviewed) and industry papers detailed on topics like malware modeling, malware analysis, Android malware, network based detection and removal of malware. This brought the EICAR 2011 conference to a good level for every participant.


G Data continues to take an active part in all these events because we believe that cooperation within the security industry is extremely important in the battle against all Cyber threats.