Talking malware with Eugene Kaspersky


Summary: Amidst growing chatter that the anti-virus/anti-spyware market is gasping for air, a veteran virus fighter says desktop security products must add new protection mechanisms to keep pace with aggressive online criminals.

TOPICS: Security, Malware


MOSCOW -- Amidst growing chatter that the anti-virus/anti-spyware market is gasping for air, a veteran virus fighter says desktop security products must add new protection mechanisms to keep pace with aggressive online criminals.

Eugene Kaspersky, founder/CEO of 10-year-old Kaspersky Lab, says next-generation anti-malware products will have to combine whitelist/blacklist approaches with HIPS (host intrusion prevention system), sandboxing and virtualization to provide what he calls "hybrid protection" for desktops.

"The perimeter is slowly disappearing," Kaspersky said during a presentation to a group of international journalists here. "It's getting more and more difficult for reactive [security] technologies to handle the current threats. The world is getting more and more mobile with notebooks, smart phones and Wi-Fi everywhere. We have to develop special products to deal with this new world," he added.

[ SEE: The anti-spyware market that never existed is officially dead ]

The new protection approaches -- already being built into security suites from Kaspersky Lab, Microsoft (with OneCare) and Symantec (with Norton 360) -- keep the signature-based blacklist/whitelist checks and the behavior-based heuristic analyzers, but in future versions Kaspersky sees HIPS and sandboxing playing the major role in keeping untrusted software at bay.

With HIPS, sandboxing and virtualization, Kaspersky touted an "open space security" concept that can be combined with vulnerability management capabilities. "We have to build advanced techniques to find and stop new threats... things like rootkit detection, self-protection methods, deep security analyzers," he added.
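As an added illustration of how the layers Kaspersky lists fit together (this is example code written for this page, not code from the article, from Kaspersky Lab or from any product named here), the following decision engine stacks a SHA-256 blacklist/whitelist, HIPS-style behavior rules, and a sandbox verdict for binaries the lists do not know. The sample binaries, hashes, rule names, weights and thresholds are all constructed for the example.

```python
"""Hybrid desktop protection decision: hash lists + HIPS rules + sandbox.

Added illustration, not code from the article or from any vendor product.
Everything below (binaries, hashes, rule names, weights, thresholds) is
constructed for the example.
"""
import hashlib
from dataclasses import dataclass, field

ALLOW, BLOCK, SANDBOX = "allow", "block", "sandbox"

# Layer 1: reactive signature lists, keyed by SHA-256 of the executable.
# Constructed stand-ins for real binaries.
KNOWN_GOOD = b"MZ...hypothetical vendor-signed editor build"
KNOWN_BAD = b"MZ...hypothetical trojan downloader build"
UNKNOWN = b"MZ...hypothetical never-seen installer"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


WHITELIST = {sha256_hex(KNOWN_GOOD)}
BLACKLIST = {sha256_hex(KNOWN_BAD)}

# Layer 2: HIPS-style behaviour rules. Each observed action a process takes
# carries a weight; the sum decides the fate of binaries the lists don't know.
# Names and weights are illustrative only.
HIPS_RULES = {
    "write_run_key": 3,             # persistence via an autorun registry key
    "inject_remote_thread": 5,      # code injection into another process
    "disable_security_service": 5,  # tampering with the AV/firewall service
    "patch_hosts_file": 3,          # redirecting update/bank hostnames
    "hook_keyboard": 4,             # keylogger behaviour
    "outbound_smtp_burst": 4,       # spam bot behaviour
    "read_user_documents": 1,       # mildly interesting on its own
    "create_window": 0,             # benign; listed to show zero-weight events
}
BLOCK_THRESHOLD = 8     # kill the process and quarantine the file
SANDBOX_THRESHOLD = 3   # keep running, but inside the sandbox (layer 3)


@dataclass
class Verdict:
    action: str
    reason: str
    score: int = 0
    matched: list = field(default_factory=list)


def score_behaviour(events):
    """Return (total weight, list of rule names that fired) for observed events."""
    fired = [e for e in events if HIPS_RULES.get(e, 0) > 0]
    return sum(HIPS_RULES[e] for e in fired), fired


def decide(binary: bytes, events) -> Verdict:
    """Combine the layers the way the article's 'hybrid protection' describes."""
    digest = sha256_hex(binary)
    if digest in BLACKLIST:                       # cheapest check first
        return Verdict(BLOCK, "blacklist hit")
    score, fired = score_behaviour(events)
    # A whitelisted file can still be a compromised process (exploited browser,
    # injected-into editor), so the behaviour block threshold applies to it too.
    if score >= BLOCK_THRESHOLD:
        return Verdict(BLOCK, "behaviour over block threshold", score, fired)
    if digest in WHITELIST:
        return Verdict(ALLOW, "whitelist hit, behaviour under block threshold", score, fired)
    if score >= SANDBOX_THRESHOLD:
        return Verdict(SANDBOX, "unknown binary with suspicious behaviour", score, fired)
    return Verdict(ALLOW, "unknown binary, no suspicious behaviour", score, fired)


if __name__ == "__main__":
    # Constructed event traces for each sample binary.
    cases = [
        ("known bad, idle", KNOWN_BAD, []),
        ("known good, normal use", KNOWN_GOOD, ["create_window", "read_user_documents"]),
        ("known good, exploited", KNOWN_GOOD, ["inject_remote_thread", "disable_security_service"]),
        ("unknown, persistence only", UNKNOWN, ["write_run_key"]),
        ("unknown, bot behaviour", UNKNOWN, ["write_run_key", "hook_keyboard", "outbound_smtp_burst"]),
    ]
    for label, binary, events in cases:
        v = decide(binary, events)
        print(f"{label:28s} -> {v.action:7s} score={v.score:<2d} {v.reason} {v.matched}")
```

Two design points matter more than the numbers. The hash lookups run first because they are cheap and settle most files without paying for behavior monitoring; the behavior rules only decide the unknown remainder, which is where a reactive blacklist alone fails. And a whitelist match is not an exemption from the block threshold: the file being known-good says nothing about whether the running process has since been exploited, so a real HIPS keeps watching whitelisted processes too. The sandbox verdict is what lets an unknown, mildly suspicious installer run at all instead of forcing a block-or-allow guess.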

During his talk, Kaspersky looked back over two decades of fighting malware -- from the first file infectors in the 1980s and the macro viruses of the mid-1990s, through the network worms that followed, to the current crimeware era of for-profit spam/botnet rings.

"At least five malware samples emerge every two minutes," he declared, pointing out that malware authors are now automating the creation of malicious executables, participating in underground vulnerability brokering and using all kinds of techniques to evade security software.

[ SEE: Kaspersky Lab eyes IPO, acquisitions ]

Kaspersky said the main malware distribution techniques have gradually shifted toward infected Web pages (drive-by downloads), already-compromised zombie machines that pull down new payloads (Trojan downloaders), zero-day exploits, and social engineering via spam and Web forums.

"It is impossible to point to any one 'main' behavior [of malware]," he said. For instance, password stealers now include keylogging functionality, and Trojan downloaders can also send spam and act as botnet clients.

"Modern malware is easy to do and very profitable. They can fight against anti-malware products, hide from anti-virus scanners and even update themselves automatically," he said.

To fight back effectively, Kaspersky said the new wave of all-in-one solutions must replace the existing approach to fighting viruses.




  • All of which comes back to the same conclusion

    You just cannot depend upon anti-malware vendors anymore. They themselves are finding it difficult to protect their customers. Sure, they may be there as an additional layer of protection, but the main layer is and always should be the user. Know all methods by which you can be infected, and you will be protected. It is not rocket science. User education is essential, stronger defaults are needed, the time has come to streamline the security processes rather than retrospectively counter malware.
    • ...the same conclusion, which doesn't work....

      You can educate the user all you want, but it still comes down to the fact that most end-users these days are just plain technology-challenged (the non-politically-correct term being "stupid"). Trying to explain to a husband/wife that their kids' surfing habits are causing catastrophic meltdowns on their PC, even though they're running "the best software out there", is like trying to explain quantum physics to a 2-yr-old; they're just not gonna get it.

      I am starting a little program with all my "off-duty" customers (all 5 of them) that requires them to maintain a remote-management program on their system so that, should something go wrong, I can remote-fix it instead of having to try and troubleshoot over the phone, or waste valuable time getting to/from their place of business/residence. So far, this is working well. The point of this is not only do you have to set up the protection in the first place, you want to make it so that there's as little interaction with the customer as possible in regards to maintenance. Remember: customers are stupid. Make it so they don't have to do anything on their own, and they'll be happy campers.
      GoodmanCPA-IT Tech
      • RE: consumers being "technologically challenged"

        Have you nailed it!!!! The "Average Joe 6 Pack" thinks 'security' is the deadbolt on the front door of the place. Never mind that criminals can steal financial information right out of his computer. They just don't get it!!! And good luck in trying to explain it to them. So many amount to "Forest Dumps". (All puns intended.)
        • In that case harden the installation

          If users are such fools, then they won't be installing any software voluntarily anyway. For them, just keep them on limited accounts with DEP. And charge them for service. Much of the malware problem has been made by us acting as "good samaritans" and spoon-feeding them. That way, at least to save money, some of them will learn, or at least a person who is providing good service will have well-earned money.
          • "Click Next to continue...."

            It sounds like you don't have a lot of experience in the stupid-customer realm. Granted, in the business/office environment, there are a lot of dumb users, but the majority of malware attacks and problems stem from home consumer users; the majority of THOSE problems stem from kids downloading software that has malware attached. This isn't a free business; I make a decent amount of side change fixing people's stupidity. So long as people remain stupid and mess up their systems, I will make money. There's nothing wrong with that.
            GoodmanCPA-IT Tech
        • Sadly, it's not just "Average Joes" either

          Last night I had an extended "discussion" with my brother-in-law (who is more than somewhat educated in computer matters - albeit on Macs which is not my area of expertise). He was at my father-in-law's house trying to get onto their wireless network and was frustrated that I had set up "so much stupid security" on the network and the access point. Apparently, he was about 30 seconds away from resetting the router to factory defaults and leaving them that way.

          No matter how many times I tried to explain that leaving your wireless network wide open to the world is just asking for trouble these days, he just didn't seem to get it (or just refused). Forget what OS you use - doing that is just plain dumb in my opinion. Of course, it turned out that he kept fat-fingering the passphrase, so in the end, where was the problem? With the so-called "over zealous" information security professional (me)? Or with the WILLFULLY ignorant end-user (him)?
  • I think it's easier to shoot

    the hackers on sight when caught and be done with it.
    • Sure, but... have to FIND them first!
      • Are certificates the answer?

        I see a day coming where users won't be able to install software that doesn't have a digital signature that can be traced back to the creator.
    • RE: I think it's easier to shoot

      No_Axe, that's too easy. If you are a Star Trek fan, do you remember a Klingon weapon called a 'bat'leth'? (Nasty looking thing.) I think hackers should be executed by being split in half (head to toe) with one of those things, live over the Internet.
  • RE: Talking malware with Eugene Kaspersky

    I've been using Kaspersky for years and they've always kept me safe. I'm on the internet constantly and these guys are always on top of whatever virus or spyware is out there in order to protect you from it.
  • Dying is too good for these people.

    Shooting or killing these people is a waste of expensive bullets or methods. We need to send them to Gitmo, Abu Ghraib or some place worse and torture them with the total lack of technology or the like.
  • RE: Talking malware with Eugene Kaspersky

    The malware makers are extremely bored people with technology in their hands. If only we could channel this talent into something useful for all of us.
    I think Eugene Kaspersky has the correct idea that malware is not only viruses but other methods of breaking into one's computer and getting or destroying the data therein. We need to prevent all forms of attack so we don't have our proverbial "rear ends" out in the open.
  • Ok, shooting them was "kind of" a joke but...

    To be honest the entire AV thing is getting out of hand. I mean the idea of buying a new Dual/Quad core PC is to get speed, right? Well, building sandboxes and virtual machines to run anything is like rowing a boat with the anchor down. Sure you can do it, but don't try to win any races.

    Beyond that, the AV companies love hackers (regardless of what they say in public) because without them, the AV companies are out of business. Many have even speculated that some of the hacks are done by the AV companies or they find a hole and let the hackers know it's there.

    Vista, despite some of its other shortcomings, has gone a long way to slow a lot of this down by not allowing users to log on as Admin every time and forcing the UAC to report any code trying to install/run itself. Another improvement is the "certificate" verification process. Currently you can still install things without a certificate but I see that being tightened down a lot in the future and all in all I think that is also a good thing. (I'm thinking Vista 64-bit here.)

    Bottom line, I think the real goal should be to eliminate the need of AV software...
    • Linux fans seem to swear by virtualization...

      They often claim it even runs some OSes faster than outside the "box". Are your comments Windows specific? In other words, are you saying VM just doesn't work worth a hoot on Windows, or just that it doesn't work worth a hoot at all?
      • Doesn't run faster on my Linux install

        Running Novell and it definitely slows overall machine performance.
        • Thanks No_Ax. I appreciate it! (NT)

      • Wrong and quite false

        What do you mean often claim? I've never heard one person claim virtualization runs any OS faster. In fact virtualization slows your machine down to a near crawl. Why am I offended? I'm a Linux fan (and am involved with lots of other Linux fans).
        • Even the Apple ads suggest Windows runs faster...

          on a Mac. My understanding (true meaning notwithstanding) was virtualization. I don't think Apple wants people going out to buy Windows to install on their Macs; I feel they would be referring to people that already own a Windows license to an application, like Office 2007. The way Apple resisted the idea of installing the OS legally on their machines, it would seem inconceivable they would promote dual booting.

          I've read many claims that the Windows OS runs faster in virtualization on a Linux/Unix box; I didn't hear them claim it made the Linux box run faster. I am certainly not claiming any such thing as fact, only that I see many references to this.

          I see promotion for Windows application virtualization for Linux & Unix all the time. In fact, my brother has been receiving tips from developers to run XP OS on his Macs for testing operational ability with automated controls. If this is actually "emulation" I stand corrected. But I don't know of any "simulators" or "emulators" that can port actual signaling as an output.

          You must not read many blogs, other than pure Linux discussions. I don't belong to a Linux community yet, so I can't attest to the reality there.
    • "The real goal" is Utopia

      More secure OSes, applications without security holes: utopia will not happen while people are programming. Therefore we need the anti-malware industry as we need the police.