Happy Birthday Virus Bulletin Conference, you’re 30 years old!


The annual Virus Bulletin International Conference has been running since 1991 and is one of the annual highlights in the calendar of events for IT security experts. Eddy Willems attended the Virus Bulletin Conference for the first time 25 years ago and fondly remembers the beginnings.

Virus Bulletin came into my life after my first malware incident with the AIDS information floppy December in 1989, the first ransomware. (more at ‘The Story of My Life’ at our blog) Back then there were not a lot of resources about malware and after the incident I was looking around to find more relevant information everywhere in the world. Do know that there was no real internet yet and the only resources were a couple of BBS’es( Bulletin board Systems). So around Christmas time 1989 I found out that there was an interesting new publication called ‘Virus Bulletin Magazine’. So I started to read a sample of the magazine and started a (n expensive) subscription very soon afterwards. At that time it became one of my first malware resources.

However VB (called „VB“ for short) magazine was much more than just a magazine. When I heard that Virus Bulletin Magazine was planning their first conference in 1991 in Jersey, Channel Islands, I started planning to possibly attend this event as I was seriously interested in it. Unfortunately there was another constitutional conference going on around that same date near Brussels. So I chose the EICAR conference at that time as it was closer to my house. Due to conflicts in my agenda I couldn’t attend the next 4 Virus Bulletin conferences. That all changed when I created my old website back in 1995 with some links to a couple of other security related websites. At that moment I thought it was time to finally attend the event I always wanted to go to.

My first one

In 1996, the company I was working for let me go to my first Virus Bulletin conference in Brighton, UK.  It started on a Wednesday evening with a chance to meet delegates and speakers at the cocktail reception in the hotel’s lounge. Needless to say that the reception provided a springboard to a long evening with a very nice meal at a local restaurant. It seems my website became my entrance to open a chat with most of the experts that time. I still remember that I talked to a range of people which I’ve only met before via Bulletin Boards or through my website. Some of them told me that my website was one of the only resources on the web about malware during those years.  That first evening was also important to me as I still remember very well that I got a serious job offer which brought me afterwards inside the security industry even more.

There were different streams with a technical, intermediate and corporate stream. I still remember some brilliant talks from Paul Ducklin, Vesselin Bontchev (who overrun his time-slot seriously) and Righard Zwienenberg. I also remember the Gala Dinner very well as it was a real Gala Dinner in every aspect with formal evening wear and entertaining table magicians and an escapologist. There were a couple of after-dinner thank yous done in an unusual way by Joe Wells (founder of the WildList) handing over a helium-filled balloon to VB Editor at that time, Ian Whalley, as he started to speak which resulted in the typical Donald Duck voice of course.

During the last day I still remember a very interesting talk from Sarah Gordon about the profile of virus writers those days. Not to forget keynote speaker Steve White with analogies between computer virus and the various aspects of the natural world. End of course the traditional (it seemed) ending panel session was a must to look out for!

Over 200 delegates had shown up for my first VB conference back in 1996 and I still remember what I thought at that moment: ‘Wow, what a lot of wonderful minds all together in one place. I’ve never seen this before. And above all what a resource! I thought I would never give a talk like these people.

More VB conferences

But this was just the beginning. After Brighton came San Francisco (1997), Munich (1998), Vancouver (1999), Orlando (2000), Prague (2001), New Orleans (2002), Toronto (2003), Chicago (2004), Dublin (2005), Montreal (2006), Vienna (2007), Ottawa (2008), Geneva (2009), Vancouver (2010), Barcelona (2011), Dallas (2012), Berlin (2013), Seattle (2014), Prague (2015), Denver (2016), Madrid (2017), Montreal (2018), London (2019).

All of those VB conferences had the same concept: bringing together the whole anti-virus and later on the security community with a good mixture of interesting talks and people and showing this to a public consisting out of a mixture of experts, press and large companies. On top of that a lot of security related side meetings or events were going on around or during the conference, this especially made it even more interesting. A good example were the early WildList (cooperative listing of malwares reported as being in the wild by security professionals) meetings and a lot of other informal but also security related meetings under NDA…


Especially the networking between the whole security industry was appreciated by just every attendee. You never could find a conference with such a good mix of people, and a not too big overcrowded conference! Compare it to a couple of other conferences and you know what I mean…

It took me to 2005 to give my first VB talk together with David Harley about a study I did together with David about children’s safety, learning attitudes and behaviour as they are affected by the use of information and communications technology and the influence of the media and the internet itself. That first talk in 2005 wasn’t my last one and I gave several at VB since then. Nowadays this became part of my daily job and I’m giving lectures every week for a very diverse public… at least during the non-Corona timeframe. So don’t say that the VB conference didn’t got an influence to my life.

Talking about side-events I still remember very well the G DATA foosball (table soccer) tournaments during the session breaks. I’m not sure when I was watching the first match but it appeared to me that it always attracted an enormous amount of attendees. But there was always something which kept me going to these conferences. Most of the papers were very interesting and they also got a very good selection of speakers. That combined with good hotels and nice locations or cities must be the key to success, I think. I still have all the proceedings in book format since 1996. I nearly forgot: I also chaired tens of speaker sessions as the organization asked me to do this several times, and actually .. guess what: I loved it. By now you possibly all realized that I’m a fan of the conference, isn’t it? 

Another very important pillar of the VB organization was the testing of security products. I was always looking forward to the regular public test reports which covered anti-malware protections of all types as well as enterprise-level email and web security solutions and above all the VB100 awards were a must to have for the security vendors at some point.

From July 1989 to June 2014, Virus Bulletin was published in a magazine-style format – initially starting out as a hard-copy publication before moving fully digital in 2006 and I really was looking forward to read the magazine itself every month during those non-digital years. I’m still hoping they can make a similar style of magazine in pdf or other digital format but it’s not completely the same as the website and the blog at this moment. Maybe I’m old fashioned but I really like to read it that way. It’s a pity that VB isn’t doing this anymore.

25 years Virus Bulletin conferences for me this year

My network was growing enormously during those years. The most interesting as well is that some people I learned to know became very good friends of me. And I was also lucky  that all the companies I worked for during the past 25 years let me attend the whole series of VB conferences. They all saw the advantage in it so send me to this conference all those years. At some point the VB organization started to give pin badges to 10, 15, 20 and 25 year attendees during the Gala Dinner and I was always looking forward to the upcoming picture with people (and friends) who visited the conference as much as possible. I’m not the only one who attended the VB conference 25 years but there aren’t much other ‘friends’ who did better than a handful of them. Maybe I get a virtual 25 years-attending pin badge this year as the VB2020 conference will be an online event this year due to the Corona pandemic.

Congrats VB

For me the Virus Bulletin conference is one of the most important events of the year when it comes to threat intelligence and research for researchers, analysts, product managers and CISOs from all over the world. The VB Conference has always been the perfect match between networking, interesting talks and great content. If you never attended it, try to watch the conference this year online as it is a one time free event packed with a lot of special features. A lot of colleagues of G DATA will be attending the event of course this year virtually. I will be virtually attending this year’s conference as well and together with my good friends experts we reserved already a virtual gala dining table, as always, on Thursday evening. I really hope to be there next year ‘in real life’ again post-Corona.

Congratulations for those 30 years of VB conferences! And keep it going for the next 30 years!

This year’s conference is an online free event at VB2020 Local Host going from30 September – 2 October 2020.

Eddy Willems
Security Evangelist