Talking malware with Eugene Kaspersky
MOSCOW -- Amidst growing chatter that the anti-virus/anti-spyware market is gasping for air, a veteran virus fighter says desktop security products must add new protection mechanisms to keep pace with aggressive online criminals.
Eugene Kaspersky, founder/CEO of 10-year-old Kaspersky Lab, says next-generation anti-malware products will have to combine whitelist/blacklist approaches with HIPS (host intrusion prevention system), sandboxing and virtualization to provide what he calls "hybrid protection" for desktops.
"The perimeter is slowly disappearing," Kaspersky said during a presentation to a group of international journalists here. "It's getting more and more difficult for reactive [security] technologies to handle the current threats. The world is getting more and more mobile with notebooks, smart phones and Wi-Fi everywhere. We have to develop special products to deal with this new world," he added.
[ SEE: The anti-spyware market that never existed is officially dead ]
The new protection approaches -- already being built into in security suites from Kaspersky Lab, Microsoft (with OneCare) and Symantec (with Norton 360) -- will maintain the signature-based blacklist/whitelist capabilities and the behavior-based heuristic analyzers but, in future versions, Kaspersky sees HIPS and sandboxing playing major roles in keeping untrusted software at bay.
With HIPS, sandboxing and virtualization, Kaspersky touted an "open space security" concept that can be combined with vulnerability management capabilities. "We have to build advanced techniques to find and stop new threats... things like rootkit detection, self-protection methods, deep security analyzers," he added.
During his talk, Kaspersky looked back at the last ten years of fighting malware -- from the first file infectors and macro viruses in the 1980s through the network worms in the 1990s to the current crimeware era of for-profit spam/botnet rings.
"At least five malware samples emerge every two minutes," he declared, pointing out that malware authors are now automating the creation of malicious executables, participating in underground vulnerability brokering and using all kinds of techniques to evade security software.
[ SEE: Kaspersky Lab eyes IPO, acquisitions ]
Kaspersky said the main malware distribution techniques have gradually changed to maximize the use of infected Web pages (drive-by downloads) and pre-infected zombie networks (Trojan downloaders), zero-day exploits and clever social engineering via spam and Web forums.
"It is impossible to point to any one 'main' behavior [of malware]," he said. For instance, password stealers now have keylogging functionalities and Trojan downloaders can also be used to send spam and act as botnet clients.
"Modern malware is easy to do and very profitable. They can fight against anti-malware products, hide from anti-virus scanners and even update themselves automatically," he said.
To fight back effectively, Kaspersky said the new wave of all-in-one solutions must replace the existing approach to fighting viruses.