Category Archives: Security Matters

A Move in the Right Direction.

Barack Obama signs an executive act regulating cyber security

On Tuesday, President Obama issued a long-awaited Executive Order on cyber security intended to expand and deliver more robust information sharing between government and the private sector. The Executive Order also requires the development of a voluntary cyber framework and standards to improve protection of the U.S. critical infrastructure. The Executive Order rightly focuses on a risk-based approach. Resources are limited and prioritization to secure those areas most at risk is smart policy. The sophistication of threats and targeted attacks on key economic sectors around the world stresses the urgency that action be taken to better secure critical infrastructure. This effort by President Obama is a positive step to address a real gap in the protection of critical assets necessary to the well-being of the United States.

The risk to critical infrastructures is real, and an international challenge that must be addressed by governments and the private sector together. As we see more threats to the national and economic security of countries, action must be taken to better protect those critical national infrastructures. Attacks like Stuxnet, Flame, Gauss and Shamoon are becoming commonplace and keep growing in sophistication.

I believe this executive order is a move in the right direction as it seeks to increase digital defenses of critical infrastructure, and tries to facilitate the exchange of threat information between the government and private sector.  Better cooperation between governments around the world and their private sectors to improve sharing of timely and relevant cyber threat information is essential. Likewise, operators of the critical infrastructures must work to implement flexible performance based standards to secure their assets.

We are at a critical juncture on cyber security protection, and leadership in the U.S. and around the world is essential.  We hope that other nations and unions will follow this example and take steps to better protect their national critical infrastructures.

We’re ready to support and assist in national and international cyber defense efforts with our research, technologies and people.

All Mouth, No Trouser.

“All animals are equal, but some are more equal than others.” Thus spake Napoleon, the head-hog in Orwell’s dystopian classic.

The genius of this phrase lies in its universality – a small addition turns the truth inside out. Alas, this witty paradox [sic.] is met not only in farmer-revolutionary sagas, but also in such (seemingly very distant) themes as – and you won’t believe this – antivirus tests! Thus, “All published AV-test results are equal, but some are more equal than others.” Indeed, after crafty marketing folk have applied their magic and “processed” the results of third-party comparative AV tests, the final product – test results as published by certain AV companies – can hardly be described as equal in value: they get distorted so much that nothing of true value can be learned from them.

Let’s take an imaginary antivirus company – one that hardly distinguishes itself from its competitors with outstanding technological prowess or quality of protection, but which has ambitions of global proportions and a super-duper sales plan to fulfill them. So, what’s it gonna first do to get nearer its plan for global domination? Improve its antivirus engine, expand its antivirus database, and/or turbo charge its quality and speed of detection? No, no, no. That takes faaaar too much time. And costs faaaar too much money. Well, that is – when you’re in the Premiership of antivirus (getting up to the First Division ain’t that hard). But the nearer the top you get in the Champions League in terms of protection, the more dough is needed to secure every extra hundredth of a real percent of detection, and the more brains it requires.

It’s much cheaper and quicker to take another route – not the technological one, but a marketing one. Thus, insufficient technological mastery and quality of antivirus detection often gets compensated by a cunning informational strategy.

But how?

Indirectly; that’s how…

Now, what’s the best way to evaluate the quality of the protection technologies of an antivirus product? Of course it’s through independent, objective opinion by third parties. Analysts, clients and partners give good input, but their impartiality naturally can’t be guaranteed. Comparative tests conducted by independent, specialized testing labs are where the real deal’s at. However, testers are peculiar beasts: they concentrate purely on their narrow trade – that’ll be testing – which is good, as testing done well – i.e., properly and accurately – is no easy task. But their results can often come across as… slightly dull, and could do with a bit of jazzing up. Which is where testing marketing done by those who order the testing kicks in: cunning manipulation of objective test results – to make the dirty-faced appear as angels, and/or the top-notchers appear as also-rans. It all becomes reminiscent of the ancient Eastern parable about the blind men and the elephant. Only in this case the marketing folk – with perfect eyesight – “perceive” the results deliberately biasedly. The blind men couldn’t help their misperceptions.


More: Nine tricks to put the wool over your eyes…

Finding the Needle in the Haystack. Introducing: Astraea.

Today we’ll be adding another, very important addition to our tech-tome – one on Astraea technology. This is one of the key elements of our KSN cloud system, which automatically analyzes notifications from protected computers and helps uncover hitherto unknown threats. So, as per my techie-blog post tradition, let me go through it all for you – step by step…


Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation!

Today I’d like to talk about a not-so-glamorous future of mass cyber-attacks on critically important installations. We are working on developing technologies for a secure operating system aimed at protecting precisely these same critical IT systems. Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on …


In Denial about Deny All?

So sure, the underground has changed; however, the security paradigm, alas, remains the same: the majority of companies continue to apply technologies designed for mass epidemics – i.e., outdated protection – to tackle modern-day threats. As a result, in the fight against malware companies maintain mostly reactive, defensive positions, and thus are always one step behind the attackers. Such a state of affairs becomes even more paradoxical when you discover that in today’s arsenals of the security industry there do exist sufficient alternative concepts of protection built into products – concepts able to tackle new unknown threats head-on. I’ll tell you about one such concept today …


Kaspersky (Server) Anti-Spam: No Longer the Underdog; More Top Dog.

Just recently the results of Virus Bulletin’s VBSpam testing were released in which our new Kaspersky Linux Mail Security (KLMS) – unexpectedly for our competitors but quite expectedly for us – was among the winners – actually second – with an outstanding result of a 93.93% spam catch rate and 0.01% false positives. “Who wants to come second?” might come the refrain from those used to nothing but first place for KL. But in answer I’d say, “I do!” Here’s why…


Catching the Phishes.

Just recently Russia’s Ministry of Internal Affairs (MVD) and Federal Security Service (FSB), with the expert assistance of KL Cybercrime Investigation Unit (CIU) brought to a successful conclusion a criminal case regarding phishing. The culprits were identified and sentenced, justice was meted out, and one more nail was hammered into the coffin of romantic imaginings about cybercrime. I hope. The case would have been a run-of-the-mill “typical” one if not for one circumstance: It was the first phishing case in Russia whose investigation ran to completion. Before it was unrealistic to expect to get such a case to court while, at best, it was only possible to ever catch the lower level “runners” of the responsible criminal hierarchy. The story began in the spring of 2010 as a classic phishing scenario …


Crowdsourcing in Security.

Network crowdsourcing is being applied in practically every sphere of life. And security is no exception. The best example is probably to be found in the way we (KL) successfully process 125,000 samples of malware every day (up from 70,000 late last year). Of course, robots and other technologies of automation and data-flow analysis help, but the most important ingredient to make it all work – the statistical food – is furnished by you! Yes, you! Let me tell you how it works …


Windows 8: We’re Ready Already

The new version of KIS is attracting quite a bit of buzz in the media: in two weeks since its global premiere it has been receiving gushing review after gushing review. Just about all reviews go into plenty of detail covering all the ins and outs of the product, and lots of specific features have been covered here on this blog of mine – for example posts about automatic protection from vulnerabilities and making secure payments. But KIS has one more delicious layer of features; however, they can’t be used yet, and will only become applicable in the nearest future. These futuresque featuresques are undeservedly not getting the limelight. I’m talking about KIS support for Windows 8 …


Social Networks: the Force Is Strong with These Ones.

Governments and intelligence services are getting more deeply involved in social networks. Some states understood the potential and dangers earlier rather than later, while others are catching up fast. But that doesn’t really matter. In one way or another battle lines will be drawn in social media, there’ll be attacks and defense moves – often termed war. Do we need that? I don’t. …
