NOTA BENE

Notes, comment and buzz from Eugene Kaspersky – Official Blog

September 12, 2013

K-LOVE & KISSES 2014 – PART 1.

Hip, hip, hurray! Yee ha! Woo hoo! The latest incarnation of KIS has landed – everywhere (almost)!

As per our long held tradition of launching new kit during the summer months – we’ve now managed to get KIS 2014 officially released in all the main regions of the world and in all the most widely spoken languages. For those interested in KIS itself, go here to download the new version. Upgrade guidelines are here.

And as is also becoming a bit of a tradition early fall, the time has come for me to tell you all what’s in this here new version…

There’s plenty of new stuff in KIS 2014 – with a special emphasis on protection against future threats.

First thing I can say: new stuff – there’s plenty of it. So much so that there’ll be several posts covering the key new features separately, as the low-down on all of them won’t fit into one bite-sized blogpost that won’t send you to sleep…

So, here we go… with post No. 1:

Basically, KIS 2014 packs yet more punch than its already punchy predecessor – KIS 2013 – which even without all this year’s additions was unlucky for no one. The protection provided is harder, better, faster, stronger. KIS has gone under the knife for a nip and tuck complete face-lift of its interface, and the logic of its main operations has been overhauled too.

There are new features to ensure secure online money operations (we’ve beefed up Safe Money); there are new features in Parental Control; there’s integrated protection against malicious blockers; and there are various new performance accelerators and optimizers to make the protection even more invisible and unobtrusive.

kis-2014-main-screenshot-eng-1

But the best feature of all in this version is what we put most effort into: providing protection from future threats, having added to the product – much to the chagrin of cyberswine – several specialized avant-garde technologies (none of which appears to be included in competitors’ products). No, we haven’t used a time machine; nor did we track down cyberpigs and do a Jack Bauer interrogation on them to get to know about their planned mischief. We shamanized, looked into the future, came up with rough calculations of the logic of the development of cyber-maliciousness, and transferred that logic into practice in our new technologies of preventative protection.

Among the preventative measures against future threats I’d like to emphasize the souped-up Automatic Exploit Prevention – two special technologies from our corporate solutions that have been adapted for our home products – ZETA Shield and Trusted Applications mode, plus a built-in proactive anti-blocker.

So how do all these fancy sounding features actually help in daily computer hygiene? Let me start by telling you first about Trusted Applications mode – the world’s first for such technology being featured in a home product providing complex security.

More: Fighting the parcel in ‘pass the parcel’ syndrome…

August 1, 2013

The phantom of the boot sector.

My power over you
grows stronger yet
(с) Andrew Lloyd Webber – Phantom Of The Opera

In the ongoing battle between malware and anti-malware technologies, there’s an interesting game that keeps getting played over and over – king of the castle.

The rules are simple: the winner is the one who loads itself into the computer memory first, seizes control of the ‘levers’, and protects itself from other applications. And from the top of the castle you can calmly survey all around and guard the order in the system (or, if you’re malicious, on the contrary – you can cause chaos, which goes both unnoticed and unpunished).

In short, the winner takes all, i.e., control over the computer.

Cybercriminals have long taken an unhealthy interest in boot sector – the ideal way to hide the fact that the computer is infected. And they use a special strain of malware – bootkits.

And the list of applications wanting to do the boot process first begins with (as the name might suggest) the boot sector – a special section of the disk that stores all the instructions for what, when and where to load. And, terror of terrors, even the operating system sticks to this list! No wonder cybercriminals have long taken an unhealthy interest in this sector, since abusing it is the ideal way to get first out of the blocks while completely hiding the fact that the computer is infected. And the cybercriminals are helped in this by a particular class of malware – bootkits.

How your computer loads

loading_comp_en

To find out what bootkits are and how we protect you against them – read on…

More: the prosperity, the fall and the return of bootkits…

July 2, 2013

Emulate to exterminate.

First, a bit of rewind/intro…:

100% guaranteed protection doesn’t exist. You probably know that perfectly well by now. Indeed, even the most reliable antivirus sometimes gets bypassed in professional attacks. That’s bad news enough already. What’s even worse news is that inferior antiviruses get bypassed a lot more frequently.

If they want, highly professional criminals can hack into anything; thankfully, such cyber-Moriatys are few and far between. For the most part, cyber-outrages are carried out by common-or-garden programmers who seem to get their right and wrong all mixed up – seduced by greed and thinking they can get away with it (ha!). These chancers usually don’t have sufficient criminal cyber-skills to pull off hacking the most advanced mega-defenses out there, but they are more than capable of getting into computers that are either not protected at all or which have colander-protection installed. And, alas, such comps in the world are twenty a penny.

The basic logic of it all is rather straightforward:

The stronger the protection – the stronger the defenses, obviously. At the same time, the more professional the attack – the stronger the defenses it can break.

Now, with 2.5 billion Internet users potential victims out there, this logic leads to the following economics:

Criminals don’t need to go to all the bother of coming up with super-mega skeleton keys for breaking into super-mega secure vaults (especially when what is often saved in such super-mega secure vaults can be some real creepy/weird/dangerous stuff it’s best not to know about). It’s much simpler – cheaper – to break into something more down-to-earth, like a neighbor’s network, since their defenses are bound to be much, much lighter, and their stashes more realizable.

So you get the picture: for the average hacker, there’s no point going to the trouble of preparing for and carrying out mega-professional attacks. Nor is there much sense in switching their criminal focus from Windows to Mac. It’s much more effective to ‘carpet-bomb’ – affecting as many victims as possible with non-pinpointed attacks that don’t take a lot of hassle or brains to carry out.

The better the protection – the less interesting it is for the bad guys. They won’t bother going to the trouble of breaking it, they’ll just find other – more vulnerable – victims elsewhere.

Now, let me tell you more about a feature that puts cybercrims off attacking particularly your comp, and has them decide to go elsewhere where the feature doesn’t reside. Yep, it’s time for another eye-opening excursion under the hood of our antivirus and to let you know more about how the letter K in your taskbar makes you a big turn-off to the cyber-trespassers – through protection from future threats with emulation.

emulator_alert_en

More: The nearly-perfect testing tube…

May 20, 2013

Anecdotes from the frontline of IT security

My work has me rushing all over the world, speaking at events, getting together with fellow experts to tell my own stories and listen to theirs. One day I thought, why not share them here as well? So, here are some very different “funny” (literally and figuratively) stories from the world of IT security.

Story 1. Secret files with home delivery.

More: Myths of Ancient Greece and other stories…

May 9, 2013

One step forward, two steps back.

“Everything ought to happen slowly, and out of joint, so we don’t get above ourselves, so we remain miserable and confused”

Venedikt Yerofeev. Moscow Stations

I never thought I’d ever use this phrase when talking about the antivirus industry, but that’s what it’s come to. You know, not everything in this world progresses smoothly. Economic realities and the need for new customers often manage to lure even the best over to the dark side. This time, one of the best-known test labs in the AV industry – AV-TEST – has succumbed.

Comparative testing: A bit of background for the uninitiated

How do you go about picking the best of any particular product? And how do you know it’s the best? Well, you would probably start by looking at the results of comparative testing in a specialist magazine, or the online equivalent. I’m sure this is not news to you. The same goes for AV solutions – there are a number of test labs that evaluate and compare a huge variety of antivirus products and then publish the results.

Now, for some unknown reason (below I’ll try and guess why exactly) the renowned German test lab AV-TEST has quietly (there was no warning) modified its certification process. The changes mean that the certificates produced by the new rules are, to put it mildly, pretty useless for evaluating the merits of different AV products.

Yes, that’s right. I officially declare that AV-TEST certification of AV solutions for home users no longer allows product quality to be compared adequately. In other words, I strongly recommended not using their certificate listings as a guide when choosing a solution to protect your home PC. It would be natural to believe that two products that both have the same certification must be equal (or close to equal) in performance. With AV-TEST’s new certification standards, the onus is on the user to carefully investigate the actual results of each individual test…they may find that a product that blocked 99.9% of attacks has the same “certification” as a product that only blocked 55%.

avtest_cert_balance_blue

More: let’s take a closer look at what happened and why…

April 1, 2013

New viruses from Chelyabinsk so advanced they blow the mind.

Every day our valiant antivirus lab processes hundreds of thousands of files. Each single day! Admittedly, some of them turn out to be clean and honest files, or just broken code, innocent scripts, assorted scraps of data, etc., etc., etc., but mostly it’s maliciousness – a lot of which is analyzed and processed automatically (as I’ve already mentioned on these cyberpages).

But every now and again we come across some reeeaaal unusual items – something totally new and unexpected. Something that activates the little grey cells, makes the heart beat faster, and gets the adrenaline pumping. I mean things like Stuxnet, Flame, Gauss and Red October.

Anyway, it looks like we’ve found something else in this original-oddity category…

Yes, we’ve detected another malware-monster – a worm originating from the cyberstreets of the Russian Internet. What we were able to say straight off was that it surpasses in sophistication by a long way not only all known malicious programs today – including professional cyberspies and cyberweapons – but also any other known software – judging by the logic of the algorithms and the finesse of their coding.

Yes folks, this is big!

We’ve never come across such a level of complexity and perplexity of machine code with program logic like this. Analyzing the most complicated worms and Trojans normally takes several weeks – whereas this baby looked like it’d take years! Maybe several years!!! It’s just so darn elaborate and convoluted.

I don’t know a single software company that would have been able to develop such a beast. Nor any cybercriminals with their mostly primitive malware. Nor any of the secret services assumed to be behind the more artful malware that’s appeared in recent years. No. This new find simply cannot be the work of any of those three.

So… Are you sitting down? No? Change that.

I’d say it’s theoretically impossible to say that this code was written by a human being (glad to be seated now?).

This code is so infernally intricate that I fear this newly-discovered worm must have extraterrestrial origins.

Hohoho

But wait – there’s more…

April 1, 2013

Securing Mother-SCADA.

Hi all!

We’re always assessing the state of the world of computers by prodding it with various hi-tech instruments in different places, taking measurements from different Internet sensors, and studying “information noise”. From the information we glean from all this, plus data from other sources, we constantly evaluate the overall body temperature and blood pressure of the computer world, and carefully monitor the main risk areas. And what we’re seeing at the mo – that’s what I’ll tell you about in this post.

To many, it seems that the most diseased elements of the digital world are home computers, tablets, cellphones and corporate networks – that is, the computer world that most folks know about – be it of a work or home/consumer coloring. But they’d be wrong. Despite the fact that the majority of cyberattacks occur in “traditional” cyberspace (cyberespionage, cybercrime, etc.), they don’t represent the main threat. In actual fact, what should be feared most of all are computer attacks on telecommunications (Internet, mobile networks) and ICS (automated Industrial Control Systems).

One particular investigation of ours, conducted as part of our ongoing secure OS project, detected a seriously low level of “computer immunity” for control systems of critically important infrastructure. ICS, including SCADA, all of which is made up of software and computerized hardware, is responsible for controlling – and the smooth, uninterrupted running of – tech-processes in practically every sector of industry, be it the power industry, transportation, the mass media, and so on. Computer systems control critical aspects of all modern cars, airplanes and trains; every power station and waterworks, every factory, and even every modern office building (lifts, electricity and water supply, emergency systems like smoke alarms and sprinklers, air conditioning, etc.). SCADA and other ICS – it’s all imperceptible, working in the background in some corner or other nobody takes any notice of… but a whole lot around us depends on it.

Alas, as with any other computer systems, SCADA & Co. can be exposed to malware and hacker attacks, as was clearly demonstrated by the Stuxnet worm in 2010. Therefore, protection of critically important systems has become one of the main strategic priorities of computer security in most developed countries of the world, while in response to cyberattacks on critical infrastructure some countries are ready to go to war – real tanks-and-bombs war (if they can find out which country is responsible). So indeed, the situation’s sure hotting up.

Of course, we’re on the case with SCADA security, and have been for a while. Over the last several years we’ve been conducting detailed analysis of ICS, been establishing the fundamental principles of SCADA security, and also developing a prototype solution for guaranteed SCADA protection from malware threats – based on traditional endpoint security and our secure OS. Products fit for consumption aren’t ready just yet, but active work is currently underway – so they should be soon…

Now, while continuing our usual analysis of SCADA security, earlier today we stumbled upon one heck of a big surprise: we came across “Mother-SCADA”, the chief, predominant, all-powerful ICS of the whole world, on whose smooth and uninterrupted operation relies literally everything on the planet: from how breakfast tastes and the size of annual bonuses, to the hours of night and day time and how fast the sun and the stars move across the skies.

Yep, we’ve gone and found the SCADA that manages all the technological processes in the Matrix!

Mother SCADA admin panel

More: Mother SCADA controls your annual bonus!…

March 25, 2013

One in twenty is the sad truth.

In brief.

  • Approximately 5% of home computers around the world are infected. That’s at least 50 million machines.
  • We discovered this from our free Kaspersky Security Scan after analyzing requests to an “antivirus cloud”.
  • We’re only talking about Windows PCs – we don’t know how many infected Macs and Linux machines there are out there.

Now for all the gory details.

So, just how many infected computers are there in the world right now (to within two or three parsecs)? It’s a pertinent question. And that’s just PCs; no Macs (quite a few of which are infected too). And let’s restrict it to just home users. In any case, it’s still interesting to know. What do you need to do to find out that sort of information? Well, a large selection of computers needs to be scanned for malware, and that’s a large selection in terms of geography as well as numbers. The antivirus tool not only needs to be good at catching viruses – it mustn’t conflict with other antivirus programs.

Well, we have just the thing – Kaspersky Security Scan (KSS).

Kaspersky Security Scan

More: KSS – a nifty little thing…

March 20, 2013

Cjdthityyj ctrhtnyj/.*

As some of you may have guessed from the title – this post is about encryption!

Actually, about the new full-disk and file-level encryption that are featured in our new corporate product.

Let me warn you now from the outset – there’ll be quite a bit of specific tech terminology and information in this post. I have tried to make it as minimally heavy and dull as possible. However, if the business of encryption will never manage to wet your whistle just a little, well, you can simply sack the idea right now before you begin – and learn all about the touristic treasures of New Zealand, for example :).

Soooo. Encryption:

Kaspersky Security for Business Encryption

More: re-rewind, context, background …

March 5, 2013

The sysadmin: the controller, the gatekeeper, the security-police, and more. Don’t mess.

The system administrator – also sometimes affectionately known as the computer guy/girl – is a fairly well known figure at any company with more than a handful of employees. Stereotypes abound for sysadmins, and even sitcoms are made about the genre. But a lot of those are out-of-date and silly generalizations (my sysadmin @ HQ is neat and well-groomed – verging on the Hipster, with long blond fringe and side parting!)

So, really, just who is the sysadmin?

Right. All of us – computer users – are divided into three categories in terms of the answer to this question. To the first category, a sysadmin is an angry bearded devil, a computer whiz(ard), and a shaman – all rolled into one. The second category also attributes to sysadmins certain otherworldly traits, but strictly positive ones worthy of repeated bows plus a small gift on every worthy holiday (especially Sysadmin Day). Then there’s the third category of computer users – who don’t take either of these two views of sysadmins; these folks understand they’re just normal folks like the rest of us. And this third category includes the sysadmins themselves!

The shamanic work of sysadmins is eternally interesting: assembling brand new shiny kit, connecting it up with cables (or without them), and also commanding control over mice and keyboards – sometimes from thousands of miles away – and installing or reconfiguring software on a comp from the comfort of their own workplace. However, at the same time the work is hard, incredibly accountable, and, alas, in part thankless.

First of all there are the hundreds or thousands of users who all need to be kept happy – most of them clever-Dicks! Then there are the ever-increasing numbers and types of computers and other newfangled devices – all of which need attention and care. And of course there’s the jungle of software, cables and routers, problems with security… And to top it all off there are the ever-present budgetary constraints and dissatisfaction of the management and users. So it should come as no surprise that only sysadmins with iron psyches and healthy, cynical attitudes to life are the only ones who can cope with the job!

Perhaps the biggest headache for sysadmins is how to physically manage all the tasks under their remit. Installing Office here, correcting a setting in Outlook there, connecting a new comp in the neighboring building, and then getting through another 48 tasks scattered all over the office(s) is all going to result in nothing other than sysadmin burnout! Enter systems management to ease the burden…

The majority of routine operations for controlling a network can either be fully automated, or at least performed remotely, without excessive movement about the office. Upgrade an OS on a comp? Install an application? Check what software is installed on the chief accountant’s laptop? Update antivirus and scan a computer for vulnerabilities? Prolong a license? Correct some pesky setting that’s preventing a program from working as it should? All that and a lot more the sysadmin can do today without leaving his/her room with the help of the same systems management. And just think of the improved productivity of labor and lowering of costs! And how much simpler the life of the sysadmin becomes!

In the early 2000s a control system for the security of a network appeared in our products. It formed a teeny-weeny (but oh-so important) part of systems management, responsible for the monitoring of protected workstations, installation and updating of antivirus, and so on.

AVP Network Control Centre

More: 10 years later…