AVIEN

How to JOIN

Member Comments  

Membership Rules

Posting Guidelines

Code of Conduct

Press Contacts

Some of the people in AVIEN

Home    AVIEN    News    Contacts    Links

     
AVIEN is an international on-line grassroots community of security professionals in large organizations dedicated to a cooperative information sharing effort to reduce the impact of malicious code (viruses, worms, Trojan Horses, Spyware) and other related vulnerabilities.
       

AVIEN - What's it all about?

For many years, security specialists around the world working to defend their organizations against attacks from viruses, worms and other forms of malware had essentially two choices if they wanted to learn more about this topic: work in relative isolation or be invited to join a vendor-oriented group. The vendor-oriented groups (CARO, REVS, V-FORUM, AVPD,  etc.) were designed from the beginning to respond to the need to share information, but membership was usually restricted to those who worked for a software vendor or occasional corporate employees and university researchers who were invited to join to share their insights.

For the vast majority of specialists working in large organizations on malware defense, there was little hope of entering that circle. They could read the few books on the subject that were published, try to sift some information out of the noise on USENET groups like alt.comp.virus, take training from vendors, and do their own research. Meanwhile, the complexity of mounting defenses grew constantly, as more and more operating systems and networks were subject to malware attack.

The time was ripe to approach this problem in a more holistic manner.

From a simple gathering during the cocktail hour

In the fall of 2000, some attendees at an Anti-Virus conference gathered during the opening cocktail hour and started discussing the need for better sources of up-to-date information and resources for dealing with malware threats. They wanted to stop re-inventing the wheel and to learn from the efforts of other anti-virus specialists.

They also wanted a forum where they could talk openly about their issues concerning AV companies and products.

During Robert Vibert's presentation on Anti-Virus solution deployment in enterprise environments, he offered to coordinate the formation of a group of like-minded people to discuss these topics. Inside AVIEN, we fondly refer to this as our "conception". During the remainder of the conference, people pressed their business cards into his hands and he diligently filed them in his pockets.

A few weeks later, he contacted these people to confirm that they were really interested in collaborating like this. The response was overwhelmingly in favor of advancing, and as a result, the world witnessed the formation (birth) of a closed, private network which has begun to make a real mark on the world of malware defense. AVIEN has become a dynamic grassroots network of specialists who assist each other daily and save their organizations thousands of dollars each year.  Every day, AVIEN members talk with each other about the latest hot topics in dealing with malware. Common problems are discussed, ideas, insights and comments shared, to the benefit of all.

AVIEN has also been the catalyst for the formation of an Anti-Virus Information & Early Warning System (AVIEWS) which encompasses not only people in large organizations, but vendors and smaller organizations as well. Click here to read about the AVI-EWS.

ByteMatrix Limited took over the administration of AVIEN/AVIEWS from Segura Solutions on the 20th of December 2003.

Objectives of AVIEN

The objectives of AVIEN are as follows:

  • share information about the Anti-Virus and malware reality in each organization
  • share information about the techniques used to combat viruses and other malware
  • share information about Anti-Virus vendors and products
  • share information about viruses causing problems
  • participate in an Early Warning System (the AVI-EWS is often hours faster than any other entity at alerting subscribers to spreading malware threats)

AVIEN Membership Requirements

AVIEN Membership is restricted to professionals, working in organizations, and meeting the following criteria:

  • They do not work for an organization that commercially sells or markets Anti-Virus software/hardware or related products
  • They manage or are responsible for a user population in excess of 1500 (if you don't quite meet this requirement, please feel free to submit your application anyway - we'll take other factors into account, if warranted)
  • They agree to abide by the group rules as described here and below.
    Specific AVIEN Terms and Conditions will also apply and members will understand that all violations will be dealt with by an elected Disciplinary Committee.

Membership is at an individual level, not corporate. Membership does not imply endorsement in any shape or form of the organizations employing members.

 

AVIEN Membership Benefits

AVIEN members receive a number of benefits:

  • They discuss with their peers the Anti-Virus software/hardware issues that concern them
  • They receive support in their efforts to implement changes in how defenses are organized
  • They receive a subscription to all the AVI-EWS services, in addition to AVIEN-specific mailing lists
  • They enjoy the warmth of a community of practice which has developed
  • They read some really bad donut jokes

Alerts and Advisories - Not only do we send out alerts, but we also inform each other about suspicious incidents before they explode into real alert-type situations. For example, the Homepage.vbs malware was being discussed by AVIEN and AVI-EWS members the day before it made its mark on the world.

Peer Discussions - Upon joining AVIEN, you also receive an automatic subscription to the AVI-EWS, which grants you access to a number of discussion mailing lists, where you can discuss viruses with top vendor and non-vendor Anti-Virus specialists. An important factor to remember is that discussions are always at a professional level - no flames are allowed. See the rules for more information.

Mailing Lists - AVIEN members can subscribe to more than ten mailing lists, including:

- AVI-EWS Alert: provides alert notifications (very low traffic)
- AVI-EWS Advisory: provides updates on potential threats (low traffic)
- AVI-EWS Virus Discuss: a forum to discuss viruses and other malware (medium-high traffic)
- AVI-EWS Talk: talk about Anti-Virus topics in general (medium traffic)
- AVI-EWS Vuln-Discuss: talk about security vulnerabilities which may be connected to malware (medium-low traffic)
- Product certification: discussions on how to test and evaluate anti-malware products (low traffic)
- Free tools: discussion on free software tools which can be used to fight malware (low traffic)
- Cooperate: a list for discussing how we can work together to make it a safer computer world
- SMB Lure tool: discussion on the SMB lure software tool which is used to track worms (the author of this tool participates).

As well as a mailing list to discuss management of AV solutions and a number of AV product-specific lists.

Confidential email address - as an AVIEN member, you can obtain your very own @avien.org mail address. The true owner of this address is known only by you and the AVIEN mail administrator. This ensures that you can make comments in the lists without any risk of these comments being associated with your employer. In today's world, this can be an important benefit which reduces the risk to both you and your employer.

AVIEN and Virus Bulletin are pleased to announce that special discount pricing for subscriptions to Virus Bulletin has been arranged for AVIEN members.

What if you don't qualify for AVIEN membership?

Don't despair - you can always join the Anti-Virus Information & Early Warning System and get access to the AVI-EWS services. Every day, AVI-EWS subscribers and AVIEN members discuss viruses and what's going on in the AV world, including what products are catching or missing which pieces of malware.


AVIEN Discussion topics

These are some of the topics we've discussed:

  • Characteristics of malicious code as discovered, particularly those that propagate quickly by exploiting common vulnerabilities.
  • Problems/insights on enterprise deployment of the different AV packages with emphasis on pitfalls and time saving techniques.
  • Tweaking the different AV heuristic detection engines to reduce false-positives without impairing/decreasing AV capabilities.
  • Lessons learned - Are you seeing a problem with vendor X and what did you do about it?
  • Virus countermeasures, other than AV scanning software
  • Monitoring virus activity within a corporation
  • Techniques for fighting major virus outbreaks
  • Common problems such as the lack of a virus naming convention.
  • Software distribution methods and issues
  • Verification methods - How do you check to make sure your user base is up to date?
  • Exchange - What works best on a clustered environment?
  • Opinions on the trend towards AV companies providing on-site services
"I want you to know how effective our participation in AVIEN has been. Not only has it provided the unparalleled benefit of Early Warning when new, fast moving viruses are discovered but it also provides a forum for the exchange metrics, defense strategies, and software and signature quality control issues."
Virus defense is not an exact science, but rather it is an art, and it has been made much easier to be effective with the information exchanged through AVIEN. Many thanks."
Russ Cluett MCSE CISSP Security Engineer, Information Assurance EDS Canada AVIEN Founding Member

Member's role

Discuss -  this network works because people participate. This is an active community and we all gain from the experience and expertise we share.  If you are a little shy, we don't mind if you sit on the sidelines and watch for a while. Read the FAQ for more info. We now offer archival access to major discussions, so you can catch up on past topics.

Who belongs to AVIEN?

  • Current AVIEN members include professionals who work at companies like 3M, Delta, EDS, Ford, Nortel Networks, Prudential, Public Works Canada, TELUS, Tyco, and Wells Fargo, to name just a very few. There are hundreds of members, from countries all around the world.

  • AVIEN members come from many different sectors, including industry, government, finance, consultants, education, etc., including some of the largest organizations with hundreds of thousands of PCs.

  • These organizations do not sponsor, endorse, or have any corporate involvement with the network, which can be likened to a private club. Members do not speak for these organizations, nor represent them in any manner while in the group discussions.

The number of users represented by AVIEN and AVI-EWS exceeded 5 million as of April 8, 2002. We stopped counting at that point - we had reached the stage of representing more users than any other similar security oriented organization.

AVIEN and the AVI-EWS are hosted and administered by ByteMatrix Ltd.

Last update to this page: March 27, 2007

T-shirts and Stuff
Home    AVIEN    News    Contacts    Links