1. Home
  2. Anti-virus industry"s best kept secret

Anti-virus industry"s best kept secret

[email protected] (New York Times)
January 7, 2013

antivirus

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn"t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company"s trade secrets, erasing data or emptying a consumer"s bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva"s chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we"ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame"s discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec"s director of security response. Haley said Symantec"s anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker"s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec"s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee"s former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company"s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you"re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple"s app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 28,2020

Bengaluru, Jul 28: Congress leader Siddaramaiah on Monday alleged that BJP is trying to destabilise the Congress government in Rajasthan.

"It is the duty of the Governor to act according to the decision of the state cabinet. But he is acting like a central government puppet," he said at a protest organised here by Karnataka Pradesh Congress Committee (KPCC).

He said the Congress is protesting across the country to save democracy and save the constitution.

"We are not fighting through violence. We are protesting peacefully. The Constitution has given the right to protest in a democratic system," he said.

He accused the BJP of "being disrespectful" to the Constitution.

"Governments must walk within the framework of the Constitution. The Constitution gives everyone rights and duties. BJP destabilises elected governments and buys our legislators by horse-trading by spending crores of money. The same thing happened in Karnataka as well," he alleged.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
April 17,2020

Paris, Apr 17: Even as virologists zero in on the virus that causes COVID-19, a very basic question remains unanswered: do those who recover from the disease have immunity?

There is no clear answer to this question, experts say, even if many have assumed that contracting the potentially deadly disease confers immunity, at least for a while.

"Being immunised means that you have developed an immune response against a virus such that you can repulse it," explained Eric Vivier, a professor of immunology in the public hospital system in Marseilles.

"Our immune systems remember, which normally prevents you from being infected by the same virus later on."

For some viral diseases such a measles, overcoming the sickness confers immunity for life.

But for RNA-based viruses such as Sars-Cov-2 -- the scientific name for the bug that causes the COVID-19 disease -- it takes about three weeks to build up a sufficient quantity of antibodies, and even then they may provide protection for only a few months, Vivier told AFP.

At least that is the theory. In reality, the new coronavirus has thrown up one surprise after another, to the point where virologists and epidemiologists are sure of very little.

"We do not have the answers to that -- it's an unknown," Michael Ryan, executive director of the World Health Organization's Emergencies Programme said in a press conference this week when asked how long a recovered COVID-19 patient would have immunity.

"We would expect that to be a reasonable period of protection, but it is very difficult to say with a new virus -- we can only extrapolate from other coronaviruses, and even that data is quite limited."

For SARS, which killed about 800 people across the world in 2002 and 2003, recovered patients remained protected "for about three years, on average," Francois Balloux director of the Genetics Institute at University College London, said.

"One can certainly get reinfected, but after how much time? We'll only know retroactively."

A recent study from China that has not gone through peer review reported on rhesus monkeys that recovered from Sars-Cov-2 and did not get reinfected when exposed once again to the virus.

"But that doesn't really reveal anything," said Pasteur Institute researcher Frederic Tangy, noting that the experiment unfolded over only a month.

Indeed,several cases from South Korea -- one of the first countries hit by the new coronavirus -- found that patients who recovered from COVID-19 later tested positive for the virus.

But there are several ways to explain that outcome, scientists cautioned.

While it is not impossible that these individuals became infected a second time, there is little evidence this is what happened.

More likely, said Balloux, is that the virus never completely disappeared in the first place and remains -- dormant and asymptomatic -- as a "chronic infection", like herpes.

As tests for live virus and antibodies have not yet been perfected, it is also possible that these patients at some point tested "false negative" when in fact they had not rid themselves of the pathogen.

"That suggests that people remain infected for a long time -- several weeks," Balloux added. "That is not ideal."

Another pre-publication study that looked at 175 recovered patients in Shanghai showed different concentrations of protective antibodies 10 to 15 days after the onset of symptoms.

"But whether that antibody response actually means immunity is a separate question," commented Maria Van Kerhove, Technical Lead of the WHO Emergencies Programme.

"That's something we really need to better understand -- what does that antibody response look like in terms of immunity."

Indeed, a host of questions remain.

"We are at the stage of asking whether someone who has overcome COVID-19 is really that protected," said Jean-Francois Delfraissy, president of France's official science advisory board.

For Tangy, an even grimmer reality cannot be excluded.

"It is possible that the antibodies that someone develops against the virus could actually increase the risk of the disease becoming worse," he said, noting that the most serious symptoms come later, after the patient had formed antibodies.

For the moment, it is also unclear whose antibodies are more potent in beating back the disease: someone who nearly died, or someone with only light symptoms or even no symptoms at all. And does age make a difference?

Faced with all these uncertainties, some experts have doubts about the wisdom of persuing a "herd immunity" strategy such that the virus -- unable to find new victims -- peters out by itself when a majority of the population is immune.

"The only real solution for now is a vaccine," Archie Clements, a professor at Curtin University in Perth Australia, told AFP.

At the same time, laboratories are developing a slew of antibody tests to see what proportion of the population in different countries and regions have been contaminated.

Such an approach has been favoured in Britain and Finland, while in Germany some experts have floated the idea of an "immunity passport" that would allow people to go back to work.

"It's too premature at this point," said Saad Omer, a professor of infectious diseases at the Yale School of Medicine.

"We should be able to get clearer data very quickly -- in a couple of months -- when there will be reliable antibody tests with sensitivity and specificity."

One concern is "false positives" caused by the tests detecting antibodies unrelated to COVID-19.

The idea of immunity passports or certificates also raises ethical questions, researchers say.

"People who absolutely need to work -- to feed their families, for example -- could try to get infected," Balloux.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
July 25,2020

In a study conducted in 117 countries, researchers have found that the world is experiencing the most dramatic reduction in the seismic noise (the hum of vibrations in the planet's crust) in recorded history due to global COVID-19 lockdowns.

Measured by instruments called seismometers, seismic noise is caused by vibrations within the Earth, which travel like waves and the waves can be triggered by earthquakes, volcanoes, and bombs - but also by daily human activity like travel and industry.

This quiet period was likely caused by the total global effect of social distancing measures, closure of services and industry, and drops in tourism and travel, the study published in the journal Science, reported.

The new research, led by the Royal Observatory of Belgium and five other institutions around the world including Imperial College London (ICL), showed that the dampening of 'seismic noise' caused by humans was more pronounced in more densely populated areas.

"Our study uniquely highlights just how much human activities impact the solid Earth, and could let us see more clearly than ever what differentiates human and natural noise," said study co-author Stephen Hicks from ICL in the UK.

For the findings, the research team looked at seismic data from a global network of 268 seismic stations in 117 countries and found significant noise reductions compared to before any lockdown at 185 of those stations.

Researchers tracked the 'wave' of quietening between March and May as worldwide lockdown measures took hold.

The largest drops in vibrations were seen in the most densely populated areas, like Singapore and New York City, but drops were also seen in remote areas like Germany's the Black Forest and Rundu in Namibia.

Citizen-owned seismometers, which tend to measure more localised noise, noted large drops around universities and schools around Cornwall, UK and Boston, US - a drop in noise 20 per cent larger than seen during school holidays.

The findings showed that countries like Barbados, where lockdown coincided with the tourist season, saw a 50 per cent decrease in noise.

"The changes have also given us the opportunity to listen in to the Earth's natural vibrations without the distortions of human input," the study authors wrote.

Earlier in April, a study published in the journal Nature, reported at least a 30 per cent reduction in that amount of ambient human noise since lockdown began in Belgium.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.