IVPC `99 is a GartnerGroup conference, sponsored in part by the International Computer Security Association, a GartnerGroup affiliate. It ran from April 14-15, 1999 at the Sheraton Hotel and Towers in Chicago, Illinois.
This event started with the IT Vendor Demonstration Forum Reception, held the evening before the conference, combined a mini trade show floor and a cocktail reception. IVPC '99 was a joint function with the GartnerGroup Information Security conference, that ran from April 12th through 14th, also at the Sheraton Hotel and Towers.
The reception was predominantly oriented towards the Security conference, due to the participating vendors and the lack of IVPC '99 badges on the attendees. Only four of the thirty-three vendors present currently produce an antivirus product - five, if you count IBM. (Although IBM has sold its program to Symantec, it still works with Symantec on antivirus technology.)
|Day One - Keynote Address|
Enterprise Security: Protecting Your Enterprise From Viruses By Peter Watkins, Executive Vice President, Network Associates, Inc.
This keynote was a good overview about the threat that malicious code presents to corporations. It was the most technically oriented keynote and was organized around five key points:
The rate that malicious code spreads has increased.Malicious code can impair businesses functions. A multi-layered defense is absolutely necessary.Management of the defensive strategy is essential.A cross-disciplinary approach is required to fight malicious code.
He punctuated his keynote with a discussion of NAI's product offerings to meet the challenges of these five key points.
|Day Two - Keynote Address|
Taming The Internet By Enrique Salem, Vice President, Symantec Corporation
This keynote contemplated how businesses must now manage employees' use of e-mail and Web browsing. While the Internet is a very useful business tool, it is a "port of entry" for viruses and he asserted that it also represents a security threat, if inappropriately used. Confidential information can easily be shared via e-mail and offensive material can come in from X-rated Web sites. He highlighted these risks by a giving an example of a corporation that may be paying millions of dollars in a sexual harassment lawsuit. I came away from this keynote feeling that most businesses need to have better written policies regarding what is appropriate and inappropriate regarding employee use of the Internet. These policies must also be clearly communicated to company employees. If companies don't, they will open themselves up to numerous lawsuits.
Each day of the conference there were general and breakout sessions. The breakout sessions had two tracks; Corporate and Technical. I attended the Technical sessions.
These sessions discussed the methods that virus writers use to create viruses. The timing of this conference was most prophetic, arriving so soon after the Melissa Word Macro virus and its variants struck. The Melissa virus and its alleged author, David Smith, was discussed or mentioned in almost every presentation. One panel session was a moderated discussion of how some large corporate and governmental agencies handled the Melissa virus. One panel member pointed out that no matter how thorough they were in defending against viruses, companies that they did business with were often sources of reinfection.
All these sessions were quite informative. One session became quite agitated when presenters from Aladdin Knowledge Systems, Inc. were challenged on their use of term "vandal", by several people from different antivirus companies. This term was criticized since it is not an "agreed upon" term in the antivirus industry. I found this criticism a bit confusing and inconsistent since one of their slides listed vandals as a new kind of malicious code, that caused damage distinct from viruses, while a later one referred to vandals as a type of virus.
A milder exchange occurred in another session about the origins of the use of term "Chernobyl" to refer to the CIH virus and involved Sophos marketing people. It was amusing and highlighted the tension between antivirus technical people and antivirus marketing people. Along with providing information, this conference seemed to be one of places where antivirus industry insiders socialize with one another.
While geared towards large corporations, the material covered was useful for organizations of almost any size and is one of the few opportunities for non-product specific antivirus education, without an obvious sales pitch. I recommend this conference.
© 1999 Irwin Romanek All rights reserved.