1. Home
  2. Anti-virus industry"s best kept secret

Anti-virus industry"s best kept secret

[email protected] (New York Times)
January 7, 2013

antivirus

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn"t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company"s trade secrets, erasing data or emptying a consumer"s bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva"s chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we"ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame"s discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec"s director of security response. Haley said Symantec"s anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker"s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec"s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee"s former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company"s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you"re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple"s app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 25,2020

New Delhi, Jan 25: The Patiala House court on Saturday started hearing a plea filed by the Nirbhaya convicts that alleged that the Tihar Jail administration have "not presented the papers on time".

The Public Prosecutor informed the court that Tihar Jail authorities have already supplied the relevant documents. He further informed that these are mere delaying tactics adopted by the convicts.

Advocate A.P. Singh, lawyer for three of the four death row convicts in the Nirbhaya gang-rape case had moved an application before the court seeking directions to the Tihar Jail authorities to supply him the relevant documents in order to exercise the remaining legal remedies available with the death row convicts -- Vinay Pawan and Akshay.

The Public Prosecutor also told the court that he spoke to the jail authorities over the phone and a report in this regard will be filed shortly as the jail officials were on their way to the court.

The judge demanded from the convicts lawyer to show what he has filed.

The convicts lawyer, A.P. Singh, said that he received some documents, but has still not been supplied with the personal diary of one of the convict -- Vinay Kumar Sharma and also the medical documents.

Judge then asked the lawyer to wait for until the report arrives form the Tihar Jail.

On this, the convicts lawyer said he was not questioning the intention of the jail. "I know the jail has been changed. It isn't there fault, too," he said.

The Public Prosecutor refuted the allegation saying that the defence counsel was trying to defeat the speed of law.

"We have supplied all the documents to the counsel. We have supplied all the documents except the painting and some other documents. We have nothing apart from that," public prosecutor said.

Singh, in his plea filed before the Patiala House Court sought urgent orders of the court in order to file a mercy petition of Vinay Sharma and in relation to requests for documents for convicts Vinay Sharma, Pawan Kumar Gupta and Akshay Kumar Singh.

He further said that the convicts undertook several steps to obtain relevant information necessary for filing the mercy petitions. In regular interval, the convicts requested the concerned authority to supply documents pertaining to their medical records from 2012 to 2015 and 2019-2020, records of cellular confinement, records of the amount earned in prison through labour, records of educational and reformative activities like Tihar Olympics and Painting, etc.

The Supreme court had recently dismissed the curative petition for the other two convicts -- Vinay Kumar Sharma (26) and Mukesh Singh (32).

The court had recently issued death warrant against the convicts and fixed 6 a.m. on February 1 as the date and time of execution of the death penalty.

The 23-year-old victim in the case was brutally gang raped and tortured on December 16, 2012, which later led to her death. All the six accused were arrested and charged with sexual assault and murder. One of the accused was a minor and appeared before a juvenile justice court, while another accused committed suicide in Tihar Jail.

Four of the convicts were sentenced to death by a trial court in September 2013, and the verdict was confirmed by the Delhi High Court in March 2014 and subsequently upheld by the Supreme Court in May 2017, which also dismissed their review petitions.

A Juvenile involved in the crime was convicted by a juvenile justice board and released from a reformation home after serving a three-year term.

Hearing in a different case, Chief Justice of India S.A. Bobde on Thursday said a condemned person cannot fight the death penalty endlessly and it was important for the capital punishment to reach its finality.

The death penalty, he noted, cannot be questioned at every turn by the convict.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 11,2020

Citing the current dismal aviation scenario, Air India is terminating the services of trainee cabin crew and cabin crew by withdrawing the offer of employment of those who were under training.

As per sources, the new crew and trainee pilots might reduce contracts from five years to one year. Sources said Air India is terminating 1,200 crew and employees who are more than 55-yr-old including 190 trainee pilots.

In a letter reviewed by IANS, Air India has informed an applicant who had been selected as cabin crew in August 2019 subject to successful completion of training.

"On behalf of Air India we would like to thank you for the interest shown by you in joining our organization. However, in view of the current aviation scenario, it would not be possible for Air India to impart any further training to you for engaging your services," the company said.

"In view of the above reasons, which are beyond the control of the company, it has been decided to discontinue your training arrangements and dispense with the offer of engagement with immediate effect. The bank guarantee furnished by you at the time of joining is returned herewith," Air India told the cabin crew.

"Once again on behalf of Air India we thank you for your cooperation and trust that you will appreciate the circumstances under which we are constrained to discontinue the training arrangements," the carrier said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 10,2020

In the wake of the gas leak at a factory in Visakhapatnam, the National Disaster Management Authority (NDMA) has issued detailed guidelines for restarting industries after the lockdown and the precautions to be taken for the safety of the plants as well as the workers.

In a communication to all states and union territories, the NDMA said due to several weeks of lockdown and the closure of industrial units, it is possible that some of the operators might not have followed the established standard operating procedures.

As a result, some of the manufacturing facilities, pipelines, valves may have residual chemicals, which may pose risk. The same is true for the storage facilities with hazardous chemicals and flammable materials, it said.

The NDMA guidelines said while restarting a unit, the first week should be considered as the trial or test run period after ensuring all safety protocols.

Companies should not try to achieve high production targets. There should be 24-hour sanitisation of the factory premises, it said.

The factories need to maintain a sanitisation routine every two-three hours especially in the common areas that include lunch rooms and common tables which will have to be wiped clean with disinfectants after every single use, it added.

For accommodation, the NDMA said, sanitisation needs to be performed regularly to ensure worker safety and reduce the spread of contamination.

To minimise the risk, it is important that employees who work on specific equipment are sensitised and made aware of the need to identify abnormalities like strange sounds or smell, exposed wires, vibrations, leaks, smoke, abnormal wobbling, irregular grinding or other potentially hazardous signs which indicate the need for immediate maintenance or if required shutdown, it said.

At least 11 people lost their lives and about 1,000 others were exposed to a gas leak at a factory in Andhra Pradesh''s Visakhapatnam on May 7.

The incident took place after it restarted operations when the government allowed industrial activities in certain sectors following several weeks of lockdown.

The lockdown was first announced by Prime Minister Narendra Modi on March 24 for 21 days in a bid to combat the coronavirus threat. The lockdown was then extended till May 3 and again till May 17.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.