1. Home
  2. Anti-virus industry"s best kept secret

Anti-virus industry"s best kept secret

[email protected] (New York Times)
January 7, 2013

antivirus

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn"t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company"s trade secrets, erasing data or emptying a consumer"s bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva"s chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we"ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame"s discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec"s director of security response. Haley said Symantec"s anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker"s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec"s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee"s former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company"s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you"re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple"s app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 22,2020

Kochi, May 22: During the nationwide COVID-19 lockdown, Kerala recorded the highest number of cyber attacks followed by Punjab and Tamil Nadu, a study by anti-virus software firm K7 Computing said on Thursday.

In a statement issued in Chennai, the company said its K7 Computing's Cyber Threat Report, a comprehensive analysis of cyber attacks during the lockdown has found that Kerala recorded the highest number of cyber attacks during this period. The report analyses various cyber attacks within India during the pandemic and reveals that threat actors targeted the state with COVID-themed attacks aimed at exploiting user trust.

In Kerala, regions like Kottayam, Kannur, Kollam, and Kochi saw the highest hits with 462, 374, 236, and 147 attacks respectively, while the state as a whole saw around 2,000 attacks during the period - the highest thus far in the country.

This was followed by Punjab with 207 attacks and Tamil Nadu with 184 attacks, the company said.

The sudden surge in the frequency of attacks witnessed from February 2020 to mid-April 2020 indicates that scamsters across the world were exploiting the widespread panic around coronavirus at both the individual and corporate level.

These attacks aimed to compromise computers and mobile devices to gain access to users' confidential data, banking details, and cryptocurrency accounts.

The key threats seen during this period ranged from phishing attacks to rogue apps disguised as COVID-19 information apps that targeted users' sensitive data. Phishing attacks were noticed more in Tier-II and Tier-III cities while the metros fared better. Smaller cities saw over 250 attacks being blocked per 10,000 users.

Users from Ghaziabad and Lucknow seem to have faced almost 6 and 4 times the number of attacks as Bengaluru users.

According to the statement, a majority of the recorded attacks were phishing attacks with sophisticated campaigns that could easily snare even the most educated users. These attacks were aimed at heightening users' fears and creating a sense of urgency to take action.

K7 Labs noticed phishing attacks where scamsters posed as representatives of the United States Department of Treasury, the World Health Organization (WHO), and the Centres for Disease Control and Prevention (CDC), the company said.

Users were encouraged to visit links that would automatically download malware on the host computer such as the Agent Tesla keylogger or Lokibot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and even disastrous ransomware.

Other attacks included infected COVID-19 Android apps like CoronaSafetyMask that scam users with promises of masks for an upfront payment; the spyware app Project Spy; and seemingly genuine apps that are infected with dangerous malware like banking Trojans such as Ginp, Anubis and Cerberus.

"Covid-19 has created an ideal situation for various threat actors to target individuals and enterprises alike. The panic caused by the stringent lockdown measures and rapid spread of this virus has left many people looking for more information on the situation," J. Kesavardhanan, Founder and CEO of K7 Computing was quoted as saying in the statement.

"Threat actors exploit this fear to their advantage and scam users into downloading malicious software and divulging sensitive information like banking codes. The need to be cyber cautious has never been greater. This is more so in the case of corporates who have adopted a work from home policy hurriedly without adequate cyber hygiene. We have seen an increase in attacks on enterprises and SME employees as well," he added.

Such attacks are expected to continue till normalcy returns. Social engineering attacks targeted at winning users' trust will gain momentum.

Healthcare institutions, well-known government offices, and international organisations will continue to be a prime target throughout the pandemic, the statement said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 12,2020

Thiruvananthapuram, Mar 12: In the wake of COVID-19 outbreak, Internet service providers in Kerala have agreed to step up the network capacity by 30 to 40 per cent of the present capacity to meet the demand, especially in view of the spurt in work-at-home mode.

"The decision was made at a meeting of representatives of various telecom service providers in Kerala circle and officials of the Telecommunication Department convened by the Secretary, Electronics and IT, following a direction by Chief Minister Pinarayi Vijayan to look into the issue," said a press release by the IT Department.

The decision will be beneficial for those working in IT institutions. The government has come out with a set of suggestions to avoid social gatherings at public places in view of coronavirus spread. Telecom service providers have assured the government that they are well equipped to face the current situation.

The major part of Internet consumption in Kerala is made available through local servers. Moreover, global Internet traffic is very low as compared to the overall consumption. So, increasing the capacity won't be difficult, service providers informed.

"Complaints regarding the low availability of the Internet due to the spurt in consumption of the Internet can be made to the service providers to their complaint redressal number or inform state government call centre (155300). But complaints regarding the insufficiency in the current network infrastructure should be strictly avoided," said the release.

The IT Department will also demand daily reports from various telecom service providers. By analysing these reports, steps for remedies will be taken after bringing the sudden increase in consumption to the service providers.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 9,2020

U.S. electric vehicle maker Tesla Inc is "very close" to achieving level 5 autonomous driving technology, Chief Executive Elon Musk said on Thursday, referring to the capability to navigate roads without any driver input.

"I'm extremely confident that level 5 or essentially complete autonomy will happen and I think will happen very quickly," Musk said in remarks made via a video message at the opening of Shanghai's annual World Artificial Intelligence Conference (WAIC).

"I remain confident that we will have the basic functionality for level 5 autonomy complete this year."

Automakers and tech companies including Alphabet Inc Waymo and Uber Technologies are investing billions in the autonomous driving industry.

However industry insiders have said it would take time for the technology to get ready and public to trust autonomous vehicles fully.

The California-based automaker currently builds cars with an Autopilot driver-assistance system.

Tesla is also developing new heat-projection or cooling systems to enable more advanced computers in cars, Musk said.

Industry data showed Tesla sold nearly 15,000 China-made Model 3 sedans last month.

Tesla has become the highest-valued automaker as its shares surged to record highs and its market capitalisation overtook that of former front-runner Toyota Motors Corp.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.