Hi all!

We’re always assessing the state of the world of computers by prodding it with various hi-tech instruments in different places, taking measurements from different Internet sensors, and studying “information noise”. From the information we glean from all this, plus data from other sources, we constantly evaluate the overall body temperature and blood pressure of the computer world, and carefully monitor the main risk areas. And what we’re seeing at the mo – that’s what I’ll tell you about in this post.

To many, it seems that the most diseased elements of the digital world are home computers, tablets, cellphones and corporate networks – that is, the computer world that most folks know about – be it of a work or home/consumer coloring. But they’d be wrong. Despite the fact that the majority of cyberattacks occur in “traditional” cyberspace (cyberespionage, cybercrime, etc.), they don’t represent the main threat. In actual fact, what should be feared most of all are computer attacks on telecommunications (Internet, mobile networks) and ICS (automated Industrial Control Systems).

One particular investigation of ours, conducted as part of our ongoing secure OS project, detected a seriously low level of “computer immunity” for control systems of critically important infrastructure. ICS, including SCADA, all of which is made up of software and computerized hardware, is responsible for controlling – and the smooth, uninterrupted running of – tech-processes in practically every sector of industry, be it the power industry, transportation, the mass media, and so on. Computer systems control critical aspects of all modern cars, airplanes and trains; every power station and waterworks, every factory, and even every modern office building (lifts, electricity and water supply, emergency systems like smoke alarms and sprinklers, air conditioning, etc.). SCADA and other ICS – it’s all imperceptible, working in the background in some corner or other nobody takes any notice of… but a whole lot around us depends on it.

Alas, as with any other computer systems, SCADA & Co. can be exposed to malware and hacker attacks, as was clearly demonstrated by the Stuxnet worm in 2010. Therefore, protection of critically important systems has become one of the main strategic priorities of computer security in most developed countries of the world, while in response to cyberattacks on critical infrastructure some countries are ready to go to war – real tanks-and-bombs war (if they can find out which country is responsible). So indeed, the situation’s sure hotting up.

Of course, we’re on the case with SCADA security, and have been for a while. Over the last several years we’ve been conducting detailed analysis of ICS, been establishing the fundamental principles of SCADA security, and also developing a prototype solution for guaranteed SCADA protection from malware threats – based on traditional endpoint security and our secure OS. Products fit for consumption aren’t ready just yet, but active work is currently underway – so they should be soon…

Now, while continuing our usual analysis of SCADA security, earlier today we stumbled upon one heck of a big surprise: we came across “Mother-SCADA”, the chief, predominant, all-powerful ICS of the whole world, on whose smooth and uninterrupted operation relies literally everything on the planet: from how breakfast tastes and the size of annual bonuses, to the hours of night and day time and how fast the sun and the stars move across the skies.

Yep, we’ve gone and found the SCADA that manages all the technological processes in the Matrix!

More: Mother SCADA controls your annual bonus!…

In brief.

• Approximately 5% of home computers around the world are infected. That’s at least 50 million machines.
• We discovered this from our free Kaspersky Security Scan after analyzing requests to an “antivirus cloud”.
• We’re only talking about Windows PCs – we don’t know how many infected Macs and Linux machines there are out there.

Now for all the gory details.

So, just how many infected computers are there in the world right now (to within two or three parsecs)? It’s a pertinent question. And that’s just PCs; no Macs (quite a few of which are infected too). And let’s restrict it to just home users. In any case, it’s still interesting to know. What do you need to do to find out that sort of information? Well, a large selection of computers needs to be scanned for malware, and that’s a large selection in terms of geography as well as numbers. The antivirus tool not only needs to be good at catching viruses – it mustn’t conflict with other antivirus programs.

Well, we have just the thing – Kaspersky Security Scan (KSS).

More: KSS – a nifty little thing…

As some of you may have guessed from the title – this post is about encryption!

Actually, about the new full-disk and file-level encryption that are featured in our new corporate product.

Let me warn you now from the outset – there’ll be quite a bit of specific tech terminology and information in this post. I have tried to make it as minimally heavy and dull as possible. However, if the business of encryption will never manage to wet your whistle just a little, well, you can simply sack the idea right now before you begin – and learn all about the touristic treasures of New Zealand, for example :).

Soooo. Encryption:

More: re-rewind, context, background …

The system administrator – also sometimes affectionately known as the computer guy/girl – is a fairly well known figure at any company with more than a handful of employees. Stereotypes abound for sysadmins, and even sitcoms are made about the genre. But a lot of those are out-of-date and silly generalizations (my sysadmin @ HQ is neat and well-groomed – verging on the Hipster, with long blond fringe and side parting!)

So, really, just who is the sysadmin?

Right. All of us – computer users – are divided into three categories in terms of the answer to this question. To the first category, a sysadmin is an angry bearded devil, a computer whiz(ard), and a shaman – all rolled into one. The second category also attributes to sysadmins certain otherworldly traits, but strictly positive ones worthy of repeated bows plus a small gift on every worthy holiday (especially Sysadmin Day). Then there’s the third category of computer users – who don’t take either of these two views of sysadmins; these folks understand they’re just normal folks like the rest of us. And this third category includes the sysadmins themselves!

The shamanic work of sysadmins is eternally interesting: assembling brand new shiny kit, connecting it up with cables (or without them), and also commanding control over mice and keyboards – sometimes from thousands of miles away – and installing or reconfiguring software on a comp from the comfort of their own workplace. However, at the same time the work is hard, incredibly accountable, and, alas, in part thankless.

First of all there are the hundreds or thousands of users who all need to be kept happy – most of them clever-Dicks! Then there are the ever-increasing numbers and types of computers and other newfangled devices – all of which need attention and care. And of course there’s the jungle of software, cables and routers, problems with security… And to top it all off there are the ever-present budgetary constraints and dissatisfaction of the management and users. So it should come as no surprise that only sysadmins with iron psyches and healthy, cynical attitudes to life are the only ones who can cope with the job!

Perhaps the biggest headache for sysadmins is how to physically manage all the tasks under their remit. Installing Office here, correcting a setting in Outlook there, connecting a new comp in the neighboring building, and then getting through another 48 tasks scattered all over the office(s) is all going to result in nothing other than sysadmin burnout! Enter systems management to ease the burden…

The majority of routine operations for controlling a network can either be fully automated, or at least performed remotely, without excessive movement about the office. Upgrade an OS on a comp? Install an application? Check what software is installed on the chief accountant’s laptop? Update antivirus and scan a computer for vulnerabilities? Prolong a license? Correct some pesky setting that’s preventing a program from working as it should? All that and a lot more the sysadmin can do today without leaving his/her room with the help of the same systems management. And just think of the improved productivity of labor and lowering of costs! And how much simpler the life of the sysadmin becomes!

In the early 2000s a control system for the security of a network appeared in our products. It formed a teeny-weeny (but oh-so important) part of systems management, responsible for the monitoring of protected workstations, installation and updating of antivirus, and so on.

More: 10 years later…

Hi all!

A great many computer security events occur around the world all the time, but the RSA Conference is one of the most important of all of them. What exactly it’s all about here I’ll not go into; instead I’ll just share with you some pics from the gig. The photos were taken the day before it started while the stands were still being set up, so though all the installations aren’t ready, at least you can see the near-completed scene without throngs of visitors getting in the way…

Stylish stands

More: Jam of resurrection Joes…

You’ll no doubt concur with the following observation:

You see them everywhere: folks in elevators, coffee shops, subways, taxis, airports and airplanes, at concerts and parties, on sidewalks, and in darkened cinemas (dammit!), in fact, folks in just about any situation possible – you’ll always find some – no, lots – of them concentrating on, and/or tapping away at the touchscreens of, their smartphones and tablets. And let’s face it – you too do the same, right? (Apart from in the darkened cinema, of course :)

So just what is it these perennial smartphone tappers are up to? Gaming? IMing? Watching movies, or reading the news or an e-book?

All are possible. But more often than not I’ve been observing that at any given convenient moment, any time of day or night, and in any weather, lots of folks tend to be checking their work email and solving work tasks. Yep, on their own absurd-money smartphones! Outside business hours. Without coercion and with plenty of enthusiasm, or, at least, without grumbling :). I sometimes even see them sighing and unconscious pouts forming upon their lips in disappointment that no one’s writing to them!

So why all this 24/7 “at the office, kinda”, all of a sudden? Maybe it’s a cunning virus that infects users’ brains directly from the screen? (Hmmm, that gives me an idea for April 1, 2013:) Or is it that the business management gurus have had it wrong all along re employee motivation? All that was needed in fact was to just connect pretty little glass devices armed with an Internet connection – bought by the employee I might add – to the corporate network! What could be simpler? And that’s exactly what’s been happening; here’s proof: according to Forrester 53% of employees use their own devices for work.

More: The other side of BYOD…

A serious issue I’ve been critically writing and talking about for several years now has finally made its way up through the echelons of power to find itself being officially recognized – and condemned – by no less than the President of the USA! Indeed, the day before President’s Day Barack Obama issued a strong rebuke against patent trolls! When asked to comment on the current situation as regards the protection of intellectual property and abuses of patents, he came out with the following gem:

“The folks that you’re talking about [patent trolls] are a classic example; they don’t actually produce anything themselves. They’re just trying to essentially leverage and hijack somebody else’s idea and see if they can extort some money out of them.”

Ye gods. At last some sense from the top! He went on to say that patent trolls (not the term he used!) represent one of the main things very wrong with the current American patent system. Then he commented on his administration’s attempts at patent reform:

“I do think that our efforts at patent reform only went about halfway to where we need to go, and what we need to do is pull together additional stakeholders and see if we can build some additional consensus on smarter patent laws.”

You can read a bit more on Obama’s comments here, or check this video out – from the 16^th minute:

More: How to stop feeding these parasites?…

On Tuesday, President Obama issued a long awaited Executive Order on cyber security intended to expand and deliver more robust information sharing between government and the private sector.  The Executive Order also requires the development of a voluntary cyber framework and standards to improve protection of the U.S. critical infrastructure.  The Executive Order rightly focuses on a risk-based approach.  Resources are limited and prioritization to secure those areas most at risk is smart policy.  The sophistication of threats and targeted attacks on key economic sectors around the world stresses the urgency that action be taken to better secure critical infrastructure.  This effort by President Obama is a positive step to address a real gap in the protection of critical assets necessary to the well being of the United States.

The risk to critical infrastructures is real, and an international challenge that must be addressed by governments and the private sector together.  As we see more threats to the national and economic security of countries, action must be taken to better protect those critical national infrastructures.  Attacks like Stuxnet, Flame, Gauss and Shamoon are becoming commonplace and keep growing in sophistication.

I believe this executive order is a move in the right direction as it seeks to increase digital defenses of critical infrastructure, and tries to facilitate the exchange of threat information between the government and private sector.  Better cooperation between governments around the world and their private sectors to improve sharing of timely and relevant cyber threat information is essential. Likewise, operators of the critical infrastructures must work to implement flexible performance based standards to secure their assets.

We are at a critical juncture on cyber security protection, and leadership in the U.S. and around the world is essential.  We hope that other nations and unions will follow this example and take steps to better protect their national critical infrastructures.

We’re ready to support and assist in national and international cyber defense efforts with our research, technologies and people.

“All animals are equal, but some are more equal than others.” Thus spake Napoleon, the head-hog in Orwell’s dystopian classic.

The genius of this phrase lies in its universality – a small addition turns the truth inside out. Alas, this witty paradox [sic.] is met not only in farmer-revolutionary sagas, but also in such (seemingly very distant) themes as – and you won’t believe this – antivirus tests! Thus, “All published AV-test results are equal, but some are more equal than others.” Indeed, after crafty marketing folk have applied their magic and “processed” the results of third-party comparative AV tests, the final product – test results as published by certain AV companies – can hardly be described as equal in value: they get distorted so much that nothing of true value can be learned from them.

Let’s take an imaginary antivirus company – one that hardly distinguishes itself from its competitors with outstanding technological prowess or quality of protection, but which has ambitions of global proportions and a super-duper sales plan to fulfill them. So, what’s it gonna first do to get nearer its plan for global domination? Improve its antivirus engine, expand its antivirus database, and/or turbo charge its quality and speed of detection? No, no, no. That takes faaaar too much time. And costs faaaar too much money. Well, that is – when you’re in the Premiership of antivirus (getting up to the First Division ain’t that hard). But the nearer the top you get in the Champions League in terms of protection, the more dough is needed to secure every extra hundredth of a real percent of detection, and the more brains it requires.

It’s much cheaper and quicker to take another route – not the technological one, but a marketing one. Thus, insufficient technological mastery and quality of antivirus detection often gets compensated by a cunning informational strategy.

But how?

Indirectly; that’s how…

Now, what’s the best way to evaluate the quality of the protection technologies of an antivirus product? Of course it’s through independent, objective opinion by third parties. Analysts, clients and partners give good input, but their impartiality naturally can’t be guaranteed. Comparative tests conducted by independent, specialized testing labs are where the real deal’s at. However, testers are peculiar beasts: they concentrate purely on their narrow trade – that’ll be testing – which is good, as testing done well – i.e., properly and accurately – is no easy task. But their results can often come across as… slightly dull, and could do with a bit of jazzing up. Which is where testing marketing done by those who order the testing kicks in: cunning manipulation of objective test results – to make the dirty-faced appear as angels, and/or the top-notchers appear as also-rans. It all becomes reminiscent of the ancient Eastern parable about the blind men and the elephant. Only in this case the marketing folk – with perfect eyesight – “perceive” the results deliberately biasedly. The blind men couldn’t help their misperceptions.

More: Nine tricks to put the wool over your eyes…

Somewhere in the office there’s a carefully guarded little big black book that contains a collection of up-to-date KL facts & figures, which we use in public performances. You know, things like how many employees we have, how many offices and where, turnover, etc., etc. One of the most oft-used figures from this book is the daily number of new malicious programs – a.k.a. malware. And maybe this daily figure is so popular because of how incredibly fast it grows. Indeed, its growth amazed even me: a year ago it was 70,000 samples of malware – remember, per day; in May 2012 it was 125,000 per day; and now – by the hammer of Thor – it’s already… 200,000 a day!

I kid you not my friends: every single day we detect, analyze and develop protection against just that many malicious programs!

How do we it?

Simply put, it all comes down to our expert know-how and the technologies that come about from it – about which another big black book could be compiled from the entries on this here blog (e.g., see the features tag). In publicizing our tech, some might ask if we aren’t afraid our posts are read by the cyber-swine. It’s a bit of a concern. But more important for us is users getting a better understanding of how their (our) protection works, and also what motivates the cyber-scoundrels and what tricks they use in their cyber-bogusness.

Anyway, today we’ll be adding another, very important addition to this tech-tome – one on Astraea technology. This is one of the key elements of our KSN cloud system (video, details), which automatically analyzes notifications from protected computers and helps uncover hitherto unknown threats. In actual fact Astraea has a lot of other plusses going for it – plusses which for a while already our security analysts simply couldn’t imagine their working day without. So, as per my techie-blog post tradition, let me go through it all for you – step by step…

More: Big data, crowdsourcing, data mining and Rocket science…