Unsecure ATMs should be quarantined too!

Each year, accompanied by travel companions, I tend to take more than a hundred flights all around the world. And practically everywhere these days we always pay by card or phone, and mostly contactless like Apple or Google Pay. In China you can even pay via WeChat when you’re at the market buying fruit and veg from grannies. And the sadly famous biovirus makes the use of virtual money more popular even still.

At the other end of the spectrum, you get the odd surprise: in Hong Kong, of all places, you need to pay cash for a taxi – always! In Frankfurt, of all places, last year in two separate restaurants they only took cash too. EH?!! We had to go on a long search for an ATM and withdraw euros instead of enjoying our post-dinner brandy. The inhumanity! :) Anyway, all this goes to prove that, despite there being progressive payment systems in place all around the globe, there still appears to be a need for the good old ATM everywhere too, and it looks like that need won’t be going away any time soon.

So what am I driving at here? Of course, cybersecurity!…

ATMs = money ⇒ they’ve been hacked, they’re getting hacked, and they’ll continue to be hacked – all the more. Indeed, their hacking is only getting worse: research shows how from 2017-2019 the number of ATMs attacked by malware more than doubled (by a factor of ~2.5).

Question: can the inside and outside of an ATM be constantly monitored? Surely yes, may well have been your answer. Actually, not so…

There are still plenty of ATMs in streets, in stores, in underpasses, in subway/metro stations with a very slow connection. They barely have enough broadband for managing transactions; they hardly get round to keeping watch of what’s going on around them too.

So, given this lack of monitoring because of the network connection, we stepped in to fill the gap and raise the security level of ATMs. We applied the best practices of optimization (which we’re masters of – with 25 years of experience), and also radically brought down the amount of traffic needed by our dedicated ‘inoculation jab’ against ATM threats – Kaspersky Embedded Systems Security, or KESS.

Get this: the minimum speed requirement for an internet connection for our KESS is… 56 kilobits (!!!) a second. Goodness! That’s the speed of my dial-up modem in 1998!

Just to compare, the average speed of 4G internet today in developed nations is from between 30,000 and 120,000 kilobits per second. And 5G promises 100 million-plus kbps (hundreds of gigabits) (that is, if they don’t destroy all the masts before then). But don’t let prehistoric internet speeds fool you: the protection provided couldn’t be better. Indeed, many an effective manager could learn a thing or two from us about optimization without loss of quality.

Go easy on the traffic!

Sometimes we take it for granted, to be sure: unlimited internet access. We’re so lucky to have it. But I wonder if you remember a time when internet access was charged per-minute or per-megabyte of traffic? And when the (dial-up) speed was almost laughable by today’s standards? I mean, we’re now approaching 1GB speed in homes. Impressive…

High-speed internet really has helped out of course in the current covid situation. It’s enabled a great many (though by far not all) to be able to continue to work under lockdown. Imagine if this biological fiasco had occurred in the pre-internet era, or even in the nineties with its snail-like internet speeds. There’d be zero remote working for one thing. Imagine how much worse just that would have made things!

Of course, one could say imagine (wildly) how, if, say, Shakespeare, Boccaccio, Pushkin, and Newton had lived in times of quarantine + high-speed internet (Pushkin, curiously, actually was under quarantine, sitting out the cholera epidemic in Russia in 1830-1831; Boccaccio’s Decameron is about folks in lockdown avoiding the Black Death, but that’s beside the point; my point: no unlimited internet back then!), they’d never have given us Macbeth, the Decameron, Evgeny Onegin, or the Law of Universal Gravitation – as they’d have been too busy with their day jobs working from home! But I digress…

So, of course, we’re all happy as Larry that we have unlimited internet access – as consumers. For business, however – especially big business – internal corporate ‘unlimited’ causes budgets to be exceeded and profits to fall. This is due to the fact that, to provide the sufficient technical capacity for fast, stable and unlimited connectivity with high flows of traffic, a lot of kit is needed: network equipment, cables, ventilation; then there’s the servicing, electricity, etc. And so as to keep the cost of such kit as low as possible, a good system administrator constantly monitors traffic, forecasts peak loads, creates reserve channels, and a lot more besides. This is all in order to make sure the business has guaranteed provision of all the necessary network niceties it needs to keep that business running optimally, smoothly, with nothing getting overloaded or jammed, and with minimal lags.

Sounds impossible. Actually, well, let me explain how it’s possible…

One of the chief headaches for IT folks in large organizations with vast networks is updating: software distribution and patching – and sometimes involving huge files being transferred to every endpoint. Meanwhile, most vendors of software today really don’t give a hoot how big their updates are. So when you’ve gigabytes trying to be sent to thousands of PCs in an organization all together – that’s going to be a strain on the system > fragmentation > collapse.

Of course, the system administrators don’t permit such an ‘all-at-once’ scenario. There are many methods of optimization of the process; for example, scheduled updates (at night) or installation of specialized servers.

But this is still a bit risky, since occasionally there will be a need to update super quickly due to this or that crisis, and there’d be a collapse then. And when it comes to cybersecurity, every second update is a crisis-driven super-quick one – and there are sometimes dozens of updates a day.

Since the mid-2000s, when we started to enter the enterprise market, we needed a serious rethink of our traffic optimization for large organizations: how could we keep the network load down given the inevitably increasing sizes of our updates? // Ideally the load would be zero; better – less than zero ).

So rethink we did – and pulled off the impossible!…

What it took were: good brains, a keyboard and TCP/IP :). And we killed two birds with one stone…

After trying out various proposed solutions to the issue, we opted for… a system and method for determining and forming a list of update agents. Ok, what does this system do?

Our security solutions for business all employ Kaspersky Security Center (KSC) for management functions (btw: it was recently updated, with pleasant new features (including support for KasperskyOS)). Among the many other things you can do with KSC is remotely install and tweak our products on other network nodes, and also manage updating.

First KSC determines the topology of the network with the help of broadcast dispatches. Oops: that was a bit jargony; let me put it better: KSC first gets an overall picture of the characteristics of the network – how many nodes, what kind they are, where they are, their configuration, the channels between them, and so on. The process is somewhat like… the scanning for alien life in Prometheus!

This way, system administrators (i) can choose the most suitable nodes for the local rolling out of the updates, and (ii) conduct segmentation of the corporate network – to have a look at which computers work in one and the same segments. Let’s look in more detail at these two points…

Cyber-yesteryear – pt. 1: 1989-1991.

Having written a post recently about our forever topping the Top-3 in independent testing, I got a bit nostalgic for the past. Then, by coincidence, there was the 20th anniversary of the ILOVEYOU virus worm: more nostalgia, and another post! But why stop there, I thought. Not like there’s much else to do. So I’ll continue! Thus, herewith, yet more K-nostalgia, mostly in a random order as per whatever comes into my head…

First up, we press rewind (on the 80s’ cassette player) back to the late 1980s, when Kaspersky was merely my surname ).

Part one – prehistorical: 1989-1991

I traditionally consider October 1989 as when I made my first real steps in what turned out to be my professional career. I discovered the Cascade virus (Cascade.1704) on an Olivetti M24 (CGA, 20M HDD) in executable files it had managed to infiltrate, and I neutralized it.

The narrative normally glosses over the fact that the second virus wasn’t discovered by me (out of our team) but Alexander Ivakhin. But after that we started to ‘woodpeck’ at virus signatures using our antivirus utility (can’t really call it a ‘product’) regularly. Viruses would appear more and more frequently (i.e., a few a month!), I would disassemble them, analyze them, classify them, and enter the data into the antivirus.

But the viruses just kept coming – new ones that chewed up and spat out computers mercilessly. They needed protecting! This was around the time we had glasnost, perestroika, democratization, cooperatives, VHS VCRs, Walkmans, bad hair, worse sweaters, and also the first home computer. And as fate would have it, a mate of mine was the head of one of the first computer cooperatives, and he invited me to come and start exterminating viruses. I obliged…

My first ‘salary’ was… a box of 5″ floppy disks, since I just wasn’t quite ready morally to take any money for my services. Not long afterward though, I think in late 1990 or early 1991, the cooperative signed two mega-contracts, and I made a tidy – for the times – sum out of both of them.

The first contract was installation of antivirus software on computers imported to the USSR from Bulgaria by a Kiev-based cooperative. Bulgarian computers back then were plagued by viruses, which made a right mess of data on disks; the viruses, btw, were also Bulgarian.

The second contract was for licensing antivirus technologies in a certain mega-MS-DOS-based system (MS Office’s ~equivalent back then).

What I spent my first ‘real’ money on?… I think it was a VCR. And a total waste of money that was. I never had the time for watching movies, let alone recording stuff and watching it again. My family weren’t big into videos either. Oof. (Btw: a good VCR back then cost… the same as a decent second-hand Lada!)

My ~second purchase was a lot more worthwhile – several tons of paper for the publication of my first book on computer viruses. Btw: just after this buy the Pavlov Reform kicked in, so it was just as well I’d spent all my rubles – days later a lot of my 50 and 100-ruble notes would have been worthless! Lucky!

My book was published in the spring of 1991. Alas, it hardly sold – with most copies gathering dust in some warehouse no doubt. I think so anyway; maybe it did sell: I haven’t found a copy anywhere since, and in the K archive we only have one copy (so if anyone has another copy – do let me know!). Another btw, btw: I was helped immensely by a certain Natalya Kasperskaya back then in the preparation of the book. She was at home juggling looking after two little ones and editing it over and over; however, I think it must have piqued her curiosity in a good way – she warmed to the antivirus project and went on to take a more active part.

That pic there is of my second publication. The single copy of the first one – just mentioned – is at the office, and since we’re taking this quarantine thing seriously, I can’t physically take a pic of it (.

Besides books, I also started writing articles for computer magazines and accepting occasional speaking opportunities. One of the clubs I was speaking at would also send out shareware on diskettes by post. It was on such diskettes that the early versions of our antivirus – ‘-V by doctor E. Kasperski’ (later known as ‘Kaspersky’:) appeared (before this, the only users of the antivirus were friends and acquaintances).

The main differences between my antivirus… utility and the utilities of others (there’s no way these could ever be called ‘products’) were, first: it had a proper user interface – in the pseudo-graphics mode of MS-DOS – which even (!) supported the use of a mouse. Second: it featured ‘resident guard’ and utilities for the analysis of system memory to search for hitherto unknown resident MS-DOS viruses (this was back before Windows).

The oldest saved version of this antivirus is the -V34 from September 12, 1990. The number ’34’ comes from the number of viruses found! Btw: if anyone has an earlier version – please let me know, and in fact any later versions too – besides -V.

The antivirus market back then didn’t exist in Russia, unless you can call Dmitry Lozinsky’s ‘Aidstest’ on a diskette for three rubles a market. We tried to organize sales via various computer cooperatives or joint ventures, but they never came to much.

So I had to settle into my role, in 1990-1991, as a freelance antivirus analyst, though no one had heard of such a profession. My family wasn’t too impressed, to say the least, especially since the CCCP was collapsing, and a pertinent question ‘discussed in kitchens’ [no one did cafes/restaurants/bars for their meet-ups and chit-chats back then: there weren’t many in the first place, and not many folks had the money to spend in them even if they had] would be something like: ‘where’s all the sugar gone from the shop shelves?’ Tricky, tough times they were; but all the more interesting for it!

To be continued!…

ILOVEYOU – 20 years ago – to the day!

Ancient cybersecurity folks with more than 20 years’ experience in the industry will of course remember the infamous ILOVEYOU Love Letter email worm from the early 2000s. What they may not recall is that it was exactly 20 years ago when it first reared its ugly head.

20 years? What?! Yep: Two decades ago to the day this cyber-maggot paralyzed practically the whole world. Wanna know what the guy responsible for this global cyber-tragedy is doing now, and where? I’ll get to that a bit later…

But I’ll start with a summary of the events of 20 years ago, in case you missed them. First up: why ‘Love Letter’?

This cyber-vermin crawled into millions of folks’ email inboxes. The receiver got a ‘love letter’ from what looked to be a friend or acquaintance.

Curiosity killed the… email recipient: after the attached VBS was clicked, the malware basically took control and sent itself on behalf of the recipient to everyone in his/her address book. And in some kinda totally mental mega-exponential way managed to infect – in a matter of hours!! – practically the whole email-using planet!

This caused colossal damages (yes, the worm also damaged certain files) (damages: to the tune of several BILLION dollars!). Curious fact: the code for e-mail distribution was swiped from another worm – Melissa – which a year earlier ran amok around the whole world too (Microsoft had to switch off its corporate email (in current terminology – self-isolated) in order to stop the spread of the worm).

There’s another interesting element of Love Letter: the worm would download from the internet a Trojan that stole the infected computers’ internet-access logins and passwords (this is back when access was mostly dial-up, costing a lot – using per-hour tariffs), and sent them to a given address.

Topping the Top-3: transparently, for all to see.

You might think that we were lucky – in the right place at the right time – to have started out well as an enterprise and later becoming the world’s leading cybersecurity vendor. You’d be wrong! Now let me tell you a story…

Actually, back in the day, right at the beginning of our antivirus work, we set ourselves a goal. An incredibly ambitious goal.

I remember it well. My long-time friend, Alexey De Mont De Rique, and I were at the tram stop waiting for the number six tram not far from Sokol metro station in Moscow some time in 1992 – back when we’d work 12-14 hours a day (‘Daddy’s working!’ my kids called me). I suggested to Alexey that ‘we need to set ourselves a goal’. His reply came something like: ‘Ok. What goal precisely, do you really think we need to set one, and how persistent should we be in attaining it?’ Something like that, anyway. My response: ‘Our goal should be to make the best antivirus in the world!’ Alexey chuckled. But he didn’t dismiss it. Instead, we simply set out on our journey toward reaching the goal – working harder, and always with our goal at the back of our minds. And it worked!…

How, exactly?

With the mentioned harder work, with inventiveness, and with somehow managing to survive and prosper through those very tough times in Russia [early 90s Russia: the collapse of the Soviet Union and its command economy, the struggles to switch ‘instantly’ to a market economy, inflation, joblessness, lawlessness…]. We toiled away non-stop. I detected new viruses; Alexey coded the user interface; and the antivirus database editor, Vadim Bogdanov (Assembler Jedi), used the Force to put together the various computer tools for what I was doing. Yes – in the early 90s there were just three of us! Then four, then five, then…

Now, remember how I started this blogpost by telling you our success wasn’t a matter of being in the right place at the right time? Well, there was some luck involved: in 1994 the world’s first ‘Antivirus Olympic Games’ took place – independent testing of security software at the University of Hamburg. Sure, we were lucky that this independent testing took place. But it wasn’t luck that we won!

Oh yes. We got the gold (a trend that has stuck with us to this day – as I’ll detail in this post). So from almost the very get-go, we got the very highest results in Hamburg. But it was catching. We kept on getting golds in other independent tests that were established around that time. Hurray!

i-Antitrust: time to give you your choice back, folks!

Fighting injustice. It’s just what we do – and keep doing. And that includes fighting major, large-scale injustice…

For example, in 2017, we managed to reach an agreement with Microsoft that encouraged it to stop giving unfair advantages to its own antivirus product. Sure, Microsoft is a modern-day Goliath. But we’re a modern-day David! And we need to be. For someone has to stand up to the giants now and again when they start throwing their weight around unfairly. Not doing so would mean users wind up with less choice.

Then last year saw us having to don the boxing gloves again for another dispute – again on an antitrust issue, but this time with another Goliath: Apple. Fast forward nearly a year – and I have two bits of news for you on this…

But first – quick rewind: some background.

Early on – halcyon daze…

Back in 2008, on the back of its extraordinary successes with its iPhones, Apple opened its App Store. And to fill out its ‘shelves’, it invited independent developers to use it as a platform to sell their for-iOS software. Those independent developers jumped right in, bringing with them thousands of apps (fast-forward 12 years and there are now literally millions). Users all over the planet were happy with all that choice, both Apple and the independent developers made tidy profits, all was well, there was peace and harmony, and it looked like everyone would live happily ever after.

But… business is business. At the end of the day Apple exists – like all commercial companies – to make a profit first and foremost. So it started branching out a bit. It created other iThings, all sorts of services, and a lot more besides. Yet still Apple yearned for more. Which was when it turned its gaze toward the markets of iOS applications made by independent developers in its own App Store.

Fast-forward to 2020.

I have a lot of respect for Apple. The company created a successful business model that’s much envied and much imitated. I neither envy nor imitate it, and I don’t agree fully with much of its policy (first and foremost – regarding cybersecurity), but that doesn’t mean I respect it any less (even though I personally don’t use any Apple products). We’ve been cooperating with Apple for many years, in various areas, and until recently this was a partnership of equals.

Like tens of thousands of other independent developers, we create useful iOS apps – apps that increase the overall attractiveness of the platform. Together with Apple we had some profitable mobile business going on, but it was the users who benefitted most (as they were supplied with ever-more useful apps). Everyone had it good. Then, at the end of 2018, Apple announced its crusade against independent developers with the release of its Screen Time.

Competition is good, because competition works for the good of the user. In this case, more apps, better apps, more varied apps – more choice (and a developer not falling asleep at the top of the App Store listings)! But for competition to exist there needs to be a level playing field, i.e., fair rules. For everyone. Yet that level playing field – and competition with it – has been destroyed by Apple. Let me tell you how.

iStory that’s hard to believe.

Screen Time entered a mature market in which dozens of independent developers already operated. The App Store offered a great many apps providing parental controls, time management and other related tasks. And it’s here where the craziness begins.

Apple unexpectedly monopolized a wide range of critical functions, by simply turning them off for other developers!

So, like, how, for example, is a parental control app supposed to get by without configurable profiles, the ability to filter URL addresses, application control, and full fledged geolocation? That’s right: it can’t! But it can if it’s an Apple parental control app – for none of this critical functionality was limited in any of its own apps! It’s one rule for Apple’s apps, another for all the rest.

Now, of course, this audaciously odd-ball move was made under a smokescreen of ‘concerns’ about security and privacy; however (also ‘of course’) – these concerns were seen right through real quick to reveal their bogusness.

Next, Apple started banning developers from the App Store, delaying approval of new software builds, and rolling out new unacceptable requirements and conditions. Some apps were shut down, while others had their functionality restricted – rendering them useless. But some independent developers decided to fight back. Including us. Developers came together to form an association with the aim of working with Apple to try and secure fair rules for all, while some filed complaints with regional antitrust authorities and began a public campaign in the press and on social media.

Then, in June 2019, Apple looked like it had hit the brakes and even gone into reverse. However, actually, it was purely a tactical maneuver to feign an expression of goodwill, and which in no way helped solve the problem of equal rights for all – including Apple itself.

Then it released iOS 13… – with yet further restrictions to hit the ecosystem even harder!

Let me give you an example of how the ‘innovations’ of iOS reflected on our parental control app Kaspersky Safe Kids.

First, Apple loads and activates Screen Time automatically on devices upon installation of the new version of the iOS – even if the user already has onboard a similar application. Don’t know about you, folks, but that, to me, doesn’t have much of a ring of ‘free competition’ to it. Looks more like just the opposite: with a ring of intrusion, aka thrusting, aka foisting, aka gatecrashing the party, i.e. – uninvited.

Second, new features on iOS 13 now permit a child to easily delete Safe Kids (i.e., a complete cancelling out of the very meaning of ‘parental control’), and also view websites via Safari (it has become impossible to hide it) instead of via the built-in safe browser that permits filtration of undesirable content. No, really folks!

Third, changes to the policy of accessing the geolocation of a device have taken away parents’ ability to track their child’s location! (No. I am not making this up. And all in the name of security – remember?!)

But wait – here’s what really takes the proverbial biscuit. Are you sitting down?…

All features that have become forbidden to independent developers remain completely ok and wholesome and accessible to… – ta-daa – Apple!

iAudaciousness on this scale simply couldn’t go unnoticed.

Encouragingly, the issue hasn’t gone unnoticed. It’s been resonating at the very highest legislative levels around the world. In the U.S. Senate it was suggested to forbid Apple and other large companies from placing their own apps in their own marketplaces, since they, by default, will create preferences for their own products.

In Russia antitrust proceedings have been initiated. In the EU they’re still at the pre-investigation phase. Indeed, slowly but surely the negative consequences of this lowering of competition are coming to the surface. Even from the user side – Screen Time is taking a lot of flak for its functionality shortcomings (even with its functional superiority given that its competitors have all had their functionality curtailed!). Some independent developers see the only way of getting round the issue to be to urge users to move over to Android if they want to keep their kids safe.

And now for that news I said I’d be telling you…

I’m not sure yet if it’s good news or not, but at least some movement must be a good thing – and we’ve been trying to fight for equal opportunities for everyone. This spring, the Federal Antimonopoly Service of Russia will deliver its verdict on our claim regarding the abuse by Apple of its dominant position and the creation of unlawful competitive advantages for Screen Time. Almost all arguments and evidence in the proceedings have already been given and submitted. For us it’s been a very long, complex process (details – here), which has taken up much time, effort and energy. But we’ve explained our position well, and I have Hope that the decision will be in our favor. Fingers crossed…

When Jobs was in charge – there was nothing like this.

Do you know what this crusade of Apple’s against independent developers gets me thinking about? A fight of the iOS ecosystem against the App Store ecosystem! The former gradually absorbs the juiciest, most profitable markets of the latter. And it looks all the more unsavory given that it is thanks to the App Store that the iOS platform has risen to now make up the basis of the business of the company. Without it, Apple would have had just another failed project – the kind of which there have been many in the history of the IT business.

It all reminds me a little of the infamous letter of Steve Jobs that announced the ‘holy war‘ against Google; in particular one sentence within it: ‘Tie all our products together, so we further lock customers into our ecosystem’.

Probably only Mr. Jobs himself knows exactly what he meant by that. But though he was originally against third-party apps for the iPhone (he later changed his mind), I’ve no doubt whatsoever that among his greatest expectations were those he vested in independent developers: to have their inspiration and resources help create for Apple the best ecosystem. And one thing’s for sure, Jobs wouldn’t have allowed Apple to transform itself into a self-important dictator and turn on the very developers that helped it and subject them to out-and-out discrimination.

I’ve already said this above, but I’ll say it again: I respect Apple. And I have a feeling that there are no issues in our relations we can’t resolve. Apple could opt for a sensible compromise and reconsider the unfair rules of the game. This would make its platform even stronger by permitting independent developers to supply to it full-fledged apps so as to serve the needs of its millions of users optimally.

Finally, please support us in this struggle to secure your right to choose exactly what you want, not what one large corporation decides is best for you. And stay tuned. I’ll be back with news re the FAS’s verdict once it arrives…

Cyber-news from the dark side: Er, who said you could sell my data?

January 28 is my aunt Olga’s birthday. It also happens to be Data Privacy Day. And my aunt Olga still isn’t aware! But she should be! For digital data is the currency of the new millennium. Accumulated knowledge of trillions of clicks and transactions – it’s a gold mine for any business. And multimillion-dollar businesses – lots of them – are based on the sale of these cyber-resources.

Global IT companies have more access to personal data than do countries. As a result, this topic is extremely important; it’s also toxic.

And, wherever there’s money – there are always bad guys. Cyber-bad-guys getting up to no good with folks’ data are forever multiplying in numbers. But even respectable companies may get up to no good with folks’ data too, and they seem to get away with it – mostly. But more on that later…

Now, I’d like to ask a simple question – one to which, at least in global IT, there is no answer yet: ‘What is good and what is bad?’ I mean: where is the line between universal human morals and business ethics? Where is that fine line?

Alas, the question of cyber-ethics and cyber-morals is a very ambiguous one. Meanwhile, I can assure you that with the introduction of 5G and further sharp increases in the number of IoT devices, our data will be collected all the more. And more, and more…

Now for some detail: broken down into the main, most-pressing, interesting matters:

Lawyers, lawmakers, journalists, politicians, pundits, social commentators, philosophers… – not one of them can answer this question: ‘Who does data belong to?’ To users? To governments? To businesses? It would be nice to think that users’ personal data belongs to those users themselves; at least up until when they may decide to voluntarily share it: when they fill in a form on a website, enter their name, telephone number and email to register for a newsletter, or thoughtlessly place a check in an app without reading through the small print of a lengthy legal agreement. Formally, from that moment on we give certain third parties the legal ability to handle our data, analyze it, sell it and whatever else is written (but rarely read) in the respective agreement. So does that mean that from that moment the data belongs to those third parties, too?

Much of the problem lies in the fact that the term ‘personal data’ is very vague and ephemeral – not only from the standpoint of the user but also from the legal one. Laws often can’t keep up with technological development. Nevertheless, on the whole over recent years the tendency has been clear: new laws being passed on the protection of personal data and the updating of existing legislation. In parallel, people’s attitudes toward personal data and privacy have become a lot more serious – something that of course I’m very happy to see.

Enough of my ‘intro’; let’s move on to the main dish…

Last week there was quite the scandal reported in the press involving Avast, one of the major players in the AV market.

Vice published an expose detailing how Avast has for years been giving data of its users that it collects to one of its subsidiaries – Jumpshot – which in turn then sells it to third-party companies. Those third-party companies thus got access to information on the online behavior of users: what websites were visited, movements from sites to sites, GPS coordinates of users of Google Maps, YouTube viewing histories, and lots more besides. And though the data wasn’t associated with specific individuals, IP addresses or emails – in other words it was anonymous – the data did come with identifiers, which keep working up until when a user may delete their Avast antivirus from their computer.

Of course, this is nothing short of scandalous from an ethical point of view. We here at K have never allowed such a thing to happen, and never would; and we firmly believe that any earnings made from data of your users is simply beyond the pale.

The epilogue of this sorry tale was a formal apology from Avast’s CEO, in an announcement about the termination of Jumpshot. In my view, that was the only appropriate thing to do. I understand it mustn’t have been easy, and there will have been big financial losses, but still. Well done for doing the right thing in the end.

For us, the matter of data storage and its usage has long been a priority. Back in 2017 we launched our Global Transparency Initiative, moved our data processing for European users (plus other countries) to Zurich, since then have opened two more Transparency Centers, and are soon to open two more. Projects like this aren’t cheap; but we feel we simply must set new standards of openness and a serious attitude to personal data.

More details about our principles of data processing, about how our cloud-based KSN works, anonymization of data, and other important things you can find here. But I just want to add, addressing all our users, that, rest assured: we never make any compromises with our conscience – ever.

Often, the collection and sale of data is carried out by free antivirus software, covering things like surveillance of users for advertising purposes and the trade in their confidentiality, all to make money. As you’ll know, we also have a free version of our AV, based on the same protection-tech as our other, paid-for products, whose effectiveness is constantly confirmed in independent tests. And though the functionality of the free version is rather stripped down, it’s still a piece of AV we’re very proud of, delivering users solid and reliable protection and leaking no personal data for advertisers. Users deserve the best protection – without annoying adverts and privacy trading. But I’ve been saying that for years.

Something else I’ve been talking about for years is my own paranoid very serious attitude to my own personal data. One more time: I only ever give it out when it is wholly necessary, which I recommend you do too. I understand it’s difficult to fully realize the importance of this, when it’s so intangible and when the ‘price’ of our data is impossible to estimate. Just remember – every click, every site you visit – someone (rather – something), somewhere is making a record of it, and it never gets deleted. So come on folks, let’s get serious about our digital footprint; and more serious about how we view the companies and products to which you entrust your personal – private – data.

PS: We recently launched a useful site with detailed recommendations for protecting your personal digital life. Here you can find the most important privacy settings for popular social networks, online services and operating systems. Have a look!

Cybernews: If Aramco had our Antidrone…; and honeypots to make IoT malware stop!

Hi folks!

Recently there was a Cyber News from the Dark Side item of oh-my-Gulf proportions. You’ll no doubt have heard about it as it was all over the news for days just recently. It was the drone attack on Saudi Aramco that took out millions of barrels of crude per day and caused hundreds of millions of dollars in damage.

Alas, I’m afraid this is only the beginning. Remember those drones bringing Heathrow – or was it Gatwick? – to a standstill a while back? Well this is just a natural progression. There’ll be more, for sure. In Saudi, the Houthis claimed responsibility, but both Saudi and the US blame Iran; Iran denies responsibility. In short – same old saber-rattling in the Middle East. But that’s not what I want to talk about here – that’s geopolitics, which we don’t do, remember? ) No, what I want to talk about is that, as the finger-pointing continues, in the meantime we’ve come up with a solution to stop drone attacks like this one on Aramco. Soooo, ladies and gents, I hereby introduce to the world… our new Antidrone!

So how does it work?

The device works out the coordinates of a moving object, a neural network determines whether it’s a drone, and if it is, blocks the connection between it and its remote controller. As a result the drone either returns back to where it was launched, or it lands below where it is up in the sky when intercepted. The system can be stationary, or mobile – e.g., for installation on a motor vehicle.

The main focus of our antidrone is protection of critically important infrastructure, airports, industrial objects, and other property. The Saudi Aramco incident highlighted how urgently necessary such technology is in preventing similar cases, and it’s only going to become more so: in 2018 the world market for drones was estimated at $14 billion; by 2024 it’s forecast to be $43 billion!

Clearly the market for protection against maliciously-minded drones is going to grow too – fast. However, at the moment, our Antidrone is the only one on the Russian market that can detect objects by video using neural networks, and the first in the world to use laser scanning for tracking down the location of drones.


If I had a dollar for every time I’ve been asked this question in 30 years…

Hi folks!

Can you guess what question I’m asked most of all during interviews and press conferences?

It started being asked back in the 1990s, quickly becoming the feared question that used to make me want to roll my eyes (I resisted the temptation:). Then after a few years I decided to simply embrace its inevitability and unavoidability, and started to improvise a bit and add extra detail to my answers. And still today, though my answers have been published and broadcast in probably all the mass media in the whole world – often more than once – I am asked it over and over, again and again. Of late though, it’s like I’ve come full circle: when I’m asked it I actually like to remember those days of long ago!

So, worked it out yet?

The question is: ‘What was the first virus you found?’ (plus questions relating to it, like when did I find it, how did I cure the computer it had infected, etc.).

Clearly, an important question, since, if it weren’t for it infecting my computer all those years ago: I may not have made a rather drastic career change; I may not have created the best antivirus in the world; I may not have raised one of the largest private companies in cybersecurity, and a lot more besides. So yes, a fateful role did that virus play – that virus that was among the early harbingers of what was to follow: billions of its ‘descendants’, then, later, cybercrime, cyberwarfare, cyber-espionage, and all the cyber-bad-guys behind it all – in every corner of the globe.

Anyway – the answer finally, perhaps?…

The virus’s name was Cascade.

But, why, suddenly, all the nostalgia about this virus?


Threat Intelligence Portal: We need to go deeper.

I understand perfectly well that for 95% of you this post will be of no use at all. But for the remaining 5%, it has the potential to greatly simplify your working week (and many working weekends). In other words, we’ve some great news for cybersecurity pros – SOC teams, independent researchers, and inquisitive techies: the tools that our woodpeckers and GReAT guys use on a daily basis to keep churning out the best cyberthreat research in the world are now available to all of you, and free at that, with the lite version of our Threat Intelligence Portal. It’s sometimes called TIP for short, and after I’ve said a few words about it here, immediate bookmarking will be mandatory!

The Threat Intelligence Portal solves two main problems for today’s overstretched cybersecurity expert. First: ‘Which of these several hundred suspicious files should I choose first?’; second: ‘Ok, my antivirus says the file’s clean – what’s next?’

Unlike the ‘classics’ – Endpoint Security–class products, which return a concise Clean/Dangerous verdict, the analytic tools built into the Threat Intelligence Portal give detailed information about how suspicious a file is and in what specific aspects. And not only files. Hashes, IP addresses, and URLs can be thrown in too for good measure. All these items are quickly analyzed by our cloud and the results on each handed back on a silver platter: what’s bad about them (if anything), how rare an infection is, what known threats they even remotely resemble, what tools were used to create it, and so on. On top of that, executable files are run in our patented cloud sandbox, with the results made available in a couple of minutes.
