On a side note, I find the subject of cyber security really fascinating. Almost went to school for it.
When I was younger I was crazy about everything cyber security.
How anti virus worked fascinated me as much as the malware itself, I was part of several beta testing programs (NOD32, Online Armor, Prevx, System Safety Monitor, Sandboxie>this was a novelty back then), and even got mentioned on the credits Kaspersky Internet Security 7 release by my username (the one I used then), I was a Kaspersky fanboy
, for which they gave me a two year license as gratitude.
I was part of the Castlecops community (now defunct) where I got access to some nasty zero day malware, I used to put to the test several security programs on an old rig I had, from HIPS (Host Intrusion Prevention Sytems), these are the only software that provide 100% true zero day protection if you know how to use them, firewalls, to sandboxes, I used to write reports about which software detected what and message the developers about it.
I reported about a thousand new malware to virus analysts, most of those sent emails still lie on my gmail account...
Also I used to crawl the net on some particularly shady places and forums back then, most of them don't exist anymore.
I learned that making 100% undetectable malware was quite simple, and that the future of software security had to rely on heuristic detection and/or emulation of malicious software in a closed environment (sandboxes and HIPS do this), as purely relying on a petty list of definitions was stupid, now most AV and Firewall software have an heuristics engine and a HIPS-like protection module.
Eventually I lost the interest and it stopped being a hobby for me, nowadays I just use Windows Defender and common sense and never my PC has been infected, at least unintentionally.
