Presentation Title: Detecting and Removing Malware without Anti Virus Software - HITB LAB SESSION
Presentation Abstract:

Malware, as defined in Wikipedia, is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a portmanteau of the words “malicious” and “software”. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

In the year 2004 alone, malware costs enterprises USD 169 billion in the aspect of downtime, data loss and breach of confidentiality. With the recent study by IronPort Systems in the year 2006, malware can cost over USD $150 per user per year. Such a staggering amount of financial loss in the last few years indicate that the problem of malware will not go away in the next coming 3 years.

Tim Meng will explain to the audience how malware really works in detail, and what an end user can do, with a few simple checks in place, to minimise their exposure to malware. He will share with the audience his self-developed methodology on the process of identifying and removing malware. Lastly, through a live demo hands-on session with the class, the audience will be taught to remove stubborn malware without the use of anti-spyware or anti-virus tool, so that audience can learn and empower themselves with the knowledge to remove malware on their own systems.

About Tim Meng

Tim Meng has 12 years of extensive experience in the information security industry. He has performed numerous penetration tests, systems technical review, network architecture review, information security training, policy review and technical risk management advisory work. The clients he worked for include global financial institutions, government bodies, multi-national companies, educational institutions and network service providers. Tim Meng’s technical expertise lies in penetration test, wireless and VoIP security, firewall and IDS/IPS tuning, network incident handling and analysing security issues on new technologies. Tim Meng also performed a number of enterprise risk assessment and information security framework review for clients.

Tim Meng was the leading consultant for information security consulting work for PIPC and Lucent Technologies, where he was responsible for all pre-sales and delivery roles for the Asia-Pacific region. He has also previously worked in consulting positions for both PricewaterhouseCoopers and KPMG, providing similar information security services to clients.

Tim Meng is currently the chairperson of the Security Controls and Security Services Working Group (Singapore representative body for ISO/IEC JTC 1/SC 27/WG 4) responsible for developing and reviewing network and application security standards. He is a regular contributor for Singapore’s security professional group, SIG2, by performing technical researches and delivering talks to the members. Tim Meng has also delivered a diverse range of information security topics in several public seminars on the topics of malware handling strategy, VoIP and wireless network hardening. Tim Meng received his Bachelor of Applied Science degree in Computer Engineering from Nanyang Technological University. He is also a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and a qualified practising BS7799 auditor.