1. Home
  2. Anti-virus industry"s best kept secret

Anti-virus industry"s best kept secret

[email protected] (New York Times)
January 7, 2013

antivirus

Consumers and businesses spend billions of dollars every year on anti-virus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. “The bad guys are always trying to be a step ahead,” said Matthew D Howard, a venture capitalist at Norwest Venture Partners. “And it doesn"t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

The anti-virus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company"s trade secrets, erasing data or emptying a consumer"s bank account.

A new study by Imperva, a data security firm in Redwood City, California, and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva"s chief technology officer, and a group of researchers collected and analysed 82 new computer viruses and put them up against more than 40 anti-virus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for anti-virus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on anti-virus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we"ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers.

Part of the problem is that anti-virus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, anti-virus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the anti-virus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame"s discovery.

Symantec and McAfee, which built their businesses on anti-virus products, have begun to acknowledge their limitations and to try new approaches. The word “anti-virus” does not appear once on their home pages. Symantec rebranded its popular anti-virus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying anti-virus is enough,” said Kevin Haley, Symantec"s director of security response. Haley said Symantec"s anti-virus products included a handful of new technologies, like behaviour-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the anti-virus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as anti-virus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

“The game has changed from the attacker"s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behaviour and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack. Bit9 uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec"s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee"s former chief executive, David G DeWalt, was rumoured to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company"s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through. Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change. “Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Hochmuth said. “Very soon, if you are not running these technologies and you"re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Hochmuth said, and that when they are, they will need top-notch cleanup crews. If and when anti-virus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the FBI warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple"s app store.

McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Howard of Norwest said. “Anti-virus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 20,2020

In a bid to help struggling small businesses in Covid-19 times, Facebook has introduced Shops to help set up a single online store for customers to access on both Facebook and Instagram.

While Facebook Shops is being rolled out from Wednesday, the company will introduce Instagram Shop, a new way to discover and buy products in Instagram Explore, this summer, starting in the US.

The social networking giant also announced that it will invest in features across its family of apps to inspire people to shop and make buying and selling online easier.

"Creating a Facebook Shop is free and simple. Businesses can choose the products they want to feature from their catalogue and then customise the look and feel of their shop with a cover image and accent colours that showcase their brand," Facebook said in a statement late Tuesday.

Any seller, no matter their size or budget, can bring their business online and connect with customers wherever and whenever it's convenient for them.

People can find Facebook Shops on a business' Facebook Page or Instagram profile, or discover them through stories or ads.

"From there, you can browse the full collection, save products you're interested in and place an order — either on the business' website or without leaving the app if the business has enabled checkout in the US," informed the company.

Last month, Facebook announced $40 million in grants for 10,000 small businesses in the US to help them get through these challenging time.

The grants will go to small businesses in 34 locations where Facebook employees live and work.

The company said that in Facebook Shops, users will be able to message a business through WhatsApp, Messenger or Instagram Direct to ask questions, get support, track deliveries and more.

In the future, they will be able to view a business' shop and make purchases right within a chat in WhatsApp, Messenger or Instagram Direct.

Later this year, Facebook will add a new shop tab in the navigation bar, so people can get to Instagram Shop in just one tap.

Facebook said it is making it easier to shop for products in real time.

Soon, sellers, brands and creators will be able to tag products from their Facebook Shop or catalogue before going live and those products will be shown at the bottom of the video so people can easily tap to learn more and purchase.

"We're starting to test this with businesses on Facebook and Instagram, and we'll roll it out more broadly in the coming months," said the company.

Facebook is also working with partners like Shopify, BigCommerce, WooCommerce, ChannelAdvisor, CedCommerce, Cafe24, Tienda Nube and Feedonomics to support small businesses.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
June 27,2020

Mumbai, Jun 27: The Bombay High Court observed that COVID-19 patients from poor and indigent sections cannot be expected to produce documentary proof to avail subsidised or free treatment while getting admitted to hospitals.

The court on Friday was hearing a plea filed by seven residents of a slum rehabilitation building in Bandra, who had been charged ₹ 12.5 lakh by K J Somaiya Hospital for COVID-19 treatment between April 11 and April 28.

The bench of Justices Ramesh Dhanuka and Madhav Jamdar directed the hospital to deposit ₹10 lakh in the court.

The petitioners had borrowed money and managed to pay ₹10 lakh out of ₹12.5 lakh that the hospital had demanded, after threatening to halt their discharge if they failed to clear the bill, counsel Vivek Shukla informed the court.

According to the plea, the petitioners were also overcharged for PPE kits and unused services.

On June 13, the court had directed the state charity commissioner to probe if the hospital had reserved 20% beds for poor and indigent patients and provided free or subsidised treatment to them.

Last week, the joint charity commissioner had informed the court that although the hospital had reserved such beds, it had treated only three poor or indigent persons since the lockdown.

It was unfathomable that the hospital that claimed to have reserved 90 beds for poor and indigent patients had treated only three such persons during the pandemic, advocate Shukla said.

He further argued that COVID-19 patients, who are in distress, cannot be expected to produce income certificate and such documents as proof.

However, senior advocate Janak Dwarkadas, who represented the hospital, said the petitioners did not belong to economically weak or indigent categories and had not produced documents to prove the same.

A person who is suffering from a disease like COVID-19 cannot be expected to produce certificates from a tehsildar or social welfare officer before seeking admission in the hospital, the bench noted and asked the hospital to deposit ₹10 lakh in court within two weeks.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 26,2020

New Delhi, Jan 26: Google on Sunday marked India's 71st Republic Day by dedicating a doodle illustrating the country's rich cultural heritage that permeates and unites the diverse nation.

From its world-famous landmarks like the Taj Mahal and India Gate, to the wide array of fauna such as its national bird (the Indian peafowl), to classical arts, textiles, and dances, the doodle, designed by Singapore-based artist Meroo Seth, brings together the rich cultural heritage of the country.

Republic Day marks the completion of India's transition towards becoming an independent republic after its constitution came into effect. The governing document had taken nearly three years of careful deliberation to finalise, and its eventual enactment was joyfully celebrated across the country.

While the Constitution was adopted by the Indian Constituent Assembly on 26 November 1949, it came into effect on January 26 -- a day when Declaration of Indian Independence (Purna Swaraj) was proclaimed by the Indian National Congress back in 1929, as opposed to the Dominion status offered by the British Regime.

Festivities embody the essence of diversity found in one of the world's most populous nations, celebrated over a three-day period with cultural events displaying national pride.

Last year's doodle on Republic Day, designed by artist Reshidev RK, had featured Rashtrapati Bhavan in the background along with a display of the country's iconic monuments and heritage.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.