Presented at the International Antivirus Testing Workshop 2007 by Mark Kennedy, Distinguished Engineer, Symantec

1. The Importance of Re-creating In-the-Wild Infection Conditions for Testing Multi-Layered Security Products Mark Kennedy May 15 th , 2007

2. Overview Current Trends 1 Traditional Static Analysis 2 Proactive Static Analysis 3 Dynamic Analysis 4 Lab Bias 5

11. Symantec Client Layered Protection Architecture Page OS & Application Vulnerabilities Targeted Attacks & Insider Threats Malware & Spyware Zero Day Threats My Only Marketing Slide (I promise) Network Filtering “Block threats before they impact the client” Behavior Blocking “Police execution activity” Storage Filtering “Don’t let threats persist!”

13. You All Remember This

21. Scoring Gradient: File Based Threat Never executes Executes but cannot communicate Communicates but is automatically removed Communicates but is removed by definitions Communicates and is never detected / cannot be removed Content never reaches box Never impact Impact, but no damage (bumper) Impact, but no injuries Minor injuries, victims walk away Major injuries, but survive Some Fatalities Fatalities, car explodes, kills bystanders

37. Questions?

38. Presentation Identifier Goes Here Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Thank You! Mark Kennedy [email_address] 310-449-4263