1. Home
  2. Anti-virus industry"s best kept secret

Anti-virus industry"s best kept secret

safia@coastaldigest.com (New York Times)
January 7, 2013

antivirus

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn"t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company"s trade secrets, erasing data or emptying a consumer"s bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva"s chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we"ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame"s discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec"s director of security response. Haley said Symantec"s anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker"s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec"s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee"s former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company"s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you"re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple"s app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
July 24,2020

Melbourne, Jul 24: Home-made cloth face masks may need a minimum of two layers, and preferably three, to prevent the dispersal of viral droplets associated with Covid-19, according to a study.

Researchers, including those from the University of New South Wales in Australia, noted that viral droplets are generated by those infected with the novel coronavirus when they cough, sneeze, or speak.

As face masks have been proven to protect healthy people from inhaling infectious droplets as well as reducing the spread from those who are already infected, several types of material have been suggested for these, but based on little or no evidence of how well they work, the scientists said.

In the current study, published in the journal Thorax, the researchers compared the effectiveness of single and double-layer cloth face coverings with a surgical face mask (Bao Thach) at reducing droplet spread.

They said the single layer covering was made from a folded piece of cotton T shirt and hair ties, and the double layer covering was made using the sew method described by the US Centers for Disease Control and Prevention (CDC).

The scientists used a tailored LED lighting system and a high-speed camera to film the dispersal of airborne droplets produced by a healthy person with no respiratory infection, during speaking, coughing, and sneezing while wearing each type of mask.

Their analysis showed that the surgical face mask was the most effective at reducing airborne droplet dispersal, although even a single layer cloth face covering reduced the droplet spread from speaking.

But the study noted that a double layer covering was better than a single layer in reducing the droplet spread from coughing and sneezing.

According to the researchers, the effectiveness of cloth face masks is dependent on the number of layers of the covering, the type of material used, design, fit as well as the frequency of washing.

Based on their observations, they said a home made cloth mask with at least two layers is preferable to a single layer mask.

"Guidelines on home-made cloth masks should stipulate multiple layers," the scientists said, adding that there is a need for more research to inform safer cloth mask design.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 24,2020

New Delhi, Jun 24: The Centre has made it mandatory for sellers to enter the 'Country of Origin' while registering all new products on government e-marketplace (GeM).

The e-marketplace is a special purpose vehicle (SPV) under the Ministry of Commerce and Industry which facilitates the entry of small local sellers in public procurement, while implementing 'Make in India' and MSE Purchase Preference Policies of the Centre.

Accordingly, the ministry said the move has been made to promote 'Make in India' and 'Atma Nirbhar Bharat'.

The provision has been enabled via the introduction of new features on GeM.

Besides the registration process, the new feature also reminds sellers who have already uploaded their products, to disclose their products' 'Country of Origin' details.

The ministry further said that failing to disclose the detail will lead to removal of the products from the e-marketplace.

"GeM has taken this significant step to promote 'Make in India' and 'Aatmanirbhar Bharat'," the ministry said in a statement.

"GeM has also enabled a provision for indication of the percentage of local content in products. With this new feature, now, the 'Country of Origin' as well as the local content percentage are visible in the marketplace for all items. More importantly, the 'Make in India' filter has now been enabled on the portal. Buyers can choose to buy only those products that meet the minimum 50 per cent local content criteria."

In case of bids, the ministry said that buyers can now reserve any bid for a "Class I Local suppliers. For those bids below Rs 200 crore, only Class I and Class II Local Suppliers are eligible to bid, with Class I supplier getting purchase preference".

In addition to this, the Department for Promotion of Industry and Internal Trade (DPIIT) has reportedly called for a meeting with all e-commerce companies such as Amazon and Flipkart to display the country of origin on the products sold on their platform, as well as the extent of value added in India.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 7,2020

Washington, Jan 7: Facebook will ban deepfake videos ahead of the US elections but the new policy will still allow heavily edited clips so long as they are parody or satire, the social media giant said Tuesday.

Deepfake videos are hyper-realistic doctored clips made using artificial intelligence or programs that have been designed to accurately fake real human movements.

In a blog published following a Washington Post report, Facebook said it would begin removing clips that were edited--beyond for clarity and quality--in ways that "aren't apparent to an average person" and could mislead people.

Clips would be removed if they were "the product of artificial intelligence or machine learning that merges, replaces or superimposes content onto a video, making it appear to be authentic," the statement from Facebook vice-president Monika Bickert said.

However, the statement added: "This policy does not extend to content that is parody or satire, or video that has been edited solely to omit or change the order of words."

US media noted the new guidelines would not cover videos such as the 2019 viral clip -- which was not a deepfake -- of House Speaker Nancy Pelosi that appeared to show her slurring her words.

Facebook also gave no indication on the number of people assigned to identify and take down the offending videos, but said videos failing to meet its usual guidelines would be removed, and those flagged clips would be reviewed by teams of third-party fact-checkers -- among them AFP.

The news agency has been paid by the social media giant to fact-check posts across 30 countries and 10 languages as part of a program starting in December 2016, and including more than 60 organisations.

Content labeled "false" is not always removed from newsfeeds but is downgraded so fewer people see it -- alongside a warning explaining why the post is misleading.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.