Anti-virus industry's best kept secret

New York Times
January 7, 2013

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn't take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company's trade secrets, erasing data or emptying a consumer's bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva's chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we've been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame's discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec's director of security response. Haley said Symantec's anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker's standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec's products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee's former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company's applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you're a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple's app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Agencies
June 29, 2020

New Delhi, Jun 29: Witnessing azure skies and breathable air for the last three months, Delhi on Monday recorded deterioration in its air quality, with particulate matter with diameter of 2.5 and 10 microns -- too small to be filtered out of the human body -- standing at 52 and 297 micrograms per cubic respectively.

Gufran Beig, Project Director of System of Air Quality Weather Forecasting and Research (SAFAR), said that the sudden spike in air pollution is due to a mild dust storm blowing from Rajasthan.

"Since the wind direction is changing and moist air is coming in, the air quality in Delhi will become better by tomorrow," Beig told IANS.

Central Pollution Control Board (CPCB) data showed that the overall air quality near Delhi Technical University (DTU) area stood at 326 micrograms per cubic, followed by 308 at Narela and 307 at Mundka.

Out of 36 stations, the AQI in as many as 30 stations was above 200 micrograms per cubic till 1 pm on Monday.

The System of Air Quality Weather Forecasting and Research categorises air quality in the 0-50 range as good, 51-100 as satisfactory, 101-200 as moderate, 201-300 as poor, 301-400 as very poor, and above 400 as severe.

According to SAFAR's website, "PM 10 (coarser dust particle) is the lead pollutant. AQI is likely to improve to moderate category by tomorrow, and further improvement is expected by July 1."

Researchers indicated that PM 10 and PM 2.5 will be 170 and 47 micrograms per cubic on Tuesday.

With no vehicles plying the roads and industries shut due to the lockdown since March 25, Delhi's air quality had improved drastically.

According to a study conducted by the Indian Institute of Technology (IIT), Delhi, if the low levels of air pollution reached during the lockdown period are maintained, India's annual death toll could reduce by 6.5 lakh.

Agencies
July 2, 2020

Paris, Jul 2: Several interacting exoplanets have already been spotted by satellites. But a new breakthrough has been achieved with, for the first time, the detection directly from the ground of an extrasolar system of this type.

An international collaboration including CNRS researchers has discovered an unusual planetary system, dubbed WASP-148, using the French instrument SOPHIE at the Observatoire de Haute-Provence (CNRS/Aix-Marseille Universite).

The scientists analysed the star's motion and concluded that it hosted two planets, WASP-148b and WASP-148c. The observations showed that the two planets were strongly interacting, which was confirmed from other data.

Whereas the first planet, WASP-148b, orbits its star in nearly nine days, the second one, WASP-148c, takes four times longer. This ratio between the orbital periods implies that the WASP-148 system is close to resonance, meaning that there is enhanced gravitational interaction between the two planets. And it turns out that the astronomers did indeed detect variations in the orbital periods of the planets.

While a single planet, uninfluenced by a second one, would move with a constant period, WASP-148b and WASP-148c undergo acceleration and deceleration that provides evidence of their interaction.

The study will shortly be published in the journal Astronomy & Astrophysics.

Agencies
March 21, 2020

The World Health Organisation (WHO) on Saturday launched a Health Alert on WhatsApp where over 1.5 billion users can ask questions and they will be provided with reliable information about new coronavirus 24/7.

This will also serve government decision-makers by providing the latest numbers and situation reports, WhatsApp said in a statement.

To contact the WHO Health Alert, save the number +41 79 893 1892 in phone contacts, and then simply text the word 'Hi' in a WhatsApp message to get started.

The service responds to a series of prompts and will be updated daily with the latest information.

"You can also visit the WhatsApp Coronavirus Information Hub at whatsapp.com/coronavirus, and click on the WHO link on the homepage to open up a chat with the WHO Health Alert if you have WhatsApp installed," said the micro-blogging platform.

The WHO Health Alert will provide official information on topics such as how to protect yourself from infection, travel advice, and debunking new coronavirus myths.

The service is initially launching in English but will be available in all six languages within the coming weeks (English, Arabic, Chinese, French, Russian and Spanish).

"Digital technology gives us an unprecedented opportunity for vital health information to go viral and spread faster than the pandemic. We are proud to have partners like Facebook and WhatsApp, that are supporting us in reaching billions of people with important health information," said Dr Tedros Adhanom Ghebreyesus, Director-General of the WHO.

The WHO Health Alert is the latest official NGO or government helpline to become available on WhatsApp, joining the Singapore Government, The Israel Ministry of Health, the South Africa Department of Health, and KOMINFO Indonesia.

Earlier this week, WhatsApp, in partnership with the World Health Organization, UNICEF, and UNDP, launched the WhatsApp Coronavirus Information Hub. The hub offers general tips and resources for users around the world to reduce the spread of rumours and connect with accurate health information.

WhatsApp also announced a $1 million grant to the International Fact Checking Network to support fact-checking for the #CoronaVirusFacts Alliance.
