Kamchatka Comin’ Atcha!

Howdy, folks!

I’m a big fan of Kamchatka. I’ve been all over the world and seen many of its natural wonders, but nowhere on this planet have I seen such a high concentration of natural beauty and unusualness, mixed in good proportions with overcoming difficulties of the on-foot and water-based tourist way of life, with mushrooms, fish, red caviar, and roaming bears. They say that New Zealand is also such a uniquely beautiful volcanic-mountain-lake land, but I haven’t been – so I can’t compare the two yet. Sooner or later I’ll get myself there though, and will be able to juxtapose them for you. But for now – the Kamchatka Peninsula.

I won’t wax lyrical as I often do on these here blog pages; I’ll limit my words here to just the following: Kamchatka is unbelievably amazing and fantastic, utterly unique, and as a result totally mind-blowing. I’ve just confirmed this to myself one more time. As if I needed convincing!

Practically in a straight line along the eastern coast of the Kamchatka Peninsula there are seven unique natural phenomena, each of which could easily be put on the list of the world’s natural wonders. The curious thing is that practically nothing is known about these extraordinary places in the West – or in the East, and even in Russia too.

What would the average Russian person stopped in the street say if asked about Kamchatka? Probably: “it’s a place where there’s plenty of fish, caviar, bears and huge crabs”. Some might even be able to add: “it’s where the Valley of the Geysers is”. However, that valley is just one of the seven Kamchatka wonders. Let me give you the full list, from North to South:

  1. The Kluchevsky Group – a dozen or so huge to mid-sized volcanoes, in a relatively confined space.
  2. Tolbachik, and the Severny Proriv (Northern Rupture), which is a black desert – the result of a crack that formed during a long eruption in the mid-1970s.
  3. The Valley of the Geysers and the Uzon caldera – bubbling and erupting volcanism.
  4. The Mutnovsky volcano range and the Gorely volcano – monumentally beautiful volcanic structures.
  5. Khodutka – the largest thermal springs in the world, which form a too-hot-to-swim-in lake.
  6. Ksudach – a crater inside a crater, a lake, and overall surrealism.
  7. Kurile Lake – bountiful bears, and stupefying scenery.

The story of how the 2012 month-long expedition went I’ll be publishing here in installments.

But with no more ado, let’s cut to the chase and get to the pics in this first installment – a few for each of the seven wonders of Kamchatka:

1. The Kluchevsky Group

More: And the other six Kamchatka wonders …

Safe Money: A Virtual Safe for Virtual Money – that Actually Works.

Apart from petty cash carried on the person, where in general does money mostly get stored?

Sure, gangsters still prefer cash stashed in a grubby cubby hole, while grandma still resorts to the trusty in-a-stocking-under-the-mattress option. But in most other cases the sensible move is to have cash converted into non-cash funds – or virtual money – ASAP, and put in banks and the like, where it can at least earn a bit of interest. And banks tend to keep cash in big safes. With this sensible option today come various useful knick-knacks like online banking, online shopping, and online just about whatever.

Of course, wherever lots of money and the Internet are closely connected there’ll always be plenty of cyber-scoundrels close by trying to get at that money – be it in folks’ current, savings or credit card accounts. And we’re not talking here about an occasional threat posed by a pair of unwashed, long-haired marginals from da cyber-underground either. It’s a real serious problem on a worldwide scale. A well-organized and smoothly running criminal industry with a multi-billion dollar turnover. It’s no wonder then that the security of financial transactions on the Internet has become the No. 1 problem (pdf) in the world for the majority of users.

Now, just like with banks with safes for paper money, this virtual money accessed via the Internet could also do with a safe – a virtual one, but one no less secure than a high-tensile steel armor-plated one. So let me tell you about our new Safe Money technology, which will be appearing in the next version of KIS towards the end of August/the beginning of September (depending on the country).

Before going through the details and advantages of Safe Money, it’s probably best first to look at how the cyber-swine try to get their grubby mitts into your virtual pockets. Or, less figuratively, to get at your user logins and passwords to access your online banking and other ‘monied’ accounts.

So, the three ways the cyber-baddies tend to break in:

  • Infecting the computer of a victim with a Trojan to thieve data, take screenshots, and log keyboard strikes. Infection frequently occurs via a vulnerability in popular software;
  • Phishing and social engineering: imitating genuine online stores, bank websites, dialog boxes, even telephone calls, etc.; and
  • Different high-profile attacks like sniffing, DNS/Proxy server substitution, fraudulent certificate use, etc. to intercept traffic using man-in-the-middle attacks, and also man-in-the-browser threats, wardriving, etc.

And now – another threesome: the three main problems in terms of security against financial cyber-fraud:

  • a lack of reliable site identification;
  • a lack of trusted connections via the Internet between online services and clients; and
  • a lack of guarantees that software installed on a computer doesn’t contain vulnerabilities that could be exploited by malware.

Luckily (for some), many aspects of this problem are comfortably dealt with by the latest Internet Security-class protection products. Only the most slothful of IT Security vendors these days don’t offer built-in protection against phishing; however, the quality of protection is another matter. But this is in no way enough to be safe in real life scenarios (about scenarios – see below). Still, the majority of products don’t have all the necessary features to provide fully comprehensive protection. What’s worse, the features they do have don’t work together harmoniously in solving specific problems, even though what’s really needed here is a multi-faceted, wide-spectrum “medicine”.

And so, if you’ll please now welcome onto the stage… Safe Money technology!

Safe Money resides in the upcoming version of KIS. What you do is enter the address of an online service that deals with money and needs protecting (a bank, store, auction system, payment system, etc.). Or you can choose a site from the built-in database, which includes 1500 different banks and 84 domains. On entering the site you need to choose the “Run the protected browser automatically” option, and from then on all sessions with that site are automatically launched in a special protected browser mode.

More: So what does this here protected browser mode do then? …

What Wired Is Not Telling You – a Response to Noah Shachtman’s Article in Wired Magazine

Eugene Kaspersky is not KGB but Indiana Jones of the Industry

This is a very unusual post. It’s not about cyber-crime, malware, our latest business achievements or my latest long journey around the globe. It’s about truth and facts, and the importance of not hiding certain facts while revealing others.

For sure I was surprised to read such an article from a journalist who, up until Monday, always seemed to maintain the highest of professional and ethical standards. And it goes without saying that, on behalf of my company and our 2400+ employees around the world, I have to object to Mr. Shachtman’s litany of inferences, opinions, omissions and errors.

We first got to know Mr. Shachtman early last fall, and then invited him to our headquarters in Moscow. After several meetings with me and our team members, during which we discussed many different current issues related to the security field, it appears Noah Shachtman thought that he was ready to tell the world the “truth” about Kaspersky Lab and me personally, and decided to produce an article for Wired Magazine. And he got off to a great start (the way he described me after practically 72 hours on planes (Cancun-Munich-Cancun) just to be there for the opening of the event was all very true – and to me very amusing). But unfortunately Mr. Shachtman forgot to include essential components such as key facts, independent international experts’ opinions, and independent marketing research agencies’ data. Not only did he forget to check his facts, in some cases he wrote almost the opposite of what I actually said in my numerous interviews with him over the past seven months.

I hope Noah tried to do his best and had no hidden agenda. But he unfortunately failed to present to you the whole truth. So I’ve decided to help him out.

Read on: What Wired Is Not Telling You – a Response to Noah Shachtman’s Article in Wired Magazine

Kamchatka-2012, Day 0.

Howdy all, from the village of Paratunka! Here we’re at a small hotel that has warm water springs in its grounds that flow into natural swimming pools. All ecological, none of that horrid chlorine, and great fun! Paratunka is near the end tip of Kamchatka, in the far-far-far-east of Russia. The hotel was nothing special, but that didn’t matter. The only things that did matter were the nice warm temperature and freshness of the water in the hotel’s pools.

Read on: Kamchatka-2012, Day 0.

KL: 15 Years Old – How Time’s Flown!

Kaspersky Lab is 15! Believe me – that’s a long time. That many years in the IT industry is a whole epoch, no – several epochs.

In 1997 when the company was founded our main enemy was cyber-hooliganism. At the start of the 2000s this was overtaken by organized cybercrime, and our task became considerably more difficult: on the other side of the barricades there wasn’t a bunch of uncoordinated hackers any more; large cross-border cyber-criminal structures had firmly established themselves – illegally earning millions of dollars in profits. Today, cyber-crime has been joined by a new and much more fearsome phenomenon – cyber-warfare. Recent cyber-war attacks such as Stuxnet, Duqu and Flame show how it’s not just “business” any more, but politics, with those behind cyber-warfare not in it for the money. They’ve got different objectives. Cyber-warfare activities are also much greater in scale, or rather – reach, so the destructive force of attacks has gone up too. We’ve seen how poorly protected IT infrastructure can be exploited to paralyze whole cities, industries, even countries. Thus we’ve entered an ominous new era – that of cyber-warfare. What we need to do in response is join forces in a worldwide fight for security.

For our company this new era sure is a challenge. The goalposts have moved, but we’re moving with them. We’ve had nothing but moving goalposts now for 15 years! We’ve always had to deal with new threats, so we’ve gotten well used to always being on guard and not letting it down for just a second. So figuratively, but also as a matter of fact, our guys work 24 hours, seven days a week, and 365 days a year in keeping the guard up and maintaining protection from threats. Over our 15-year history we’ve built up a gigantic database, containing more than 94 million samples of malware and around 300 million trusted – whitelisted – files.

Read on: KL: 15 Years Old – How Time’s Flown!

Phuket Buckets: In Thailand, It Never Rains – It Pours.

Hi all, from Phuket, Thailand, where we’re having our fourth yearly regional Partner Conference.

It’s the wet season (rainy season / monsoon season) here. We were warned about it so it wasn’t like it was a surprise. But I’d never actually experienced it before somehow, and thought that it was just a time when it rains heavily on and off: I didn’t realize quite what I was in for…

More: Phuket Bucket …

Killing Time in Airports – Frequent-Flyer Style.

In order to ease the mind-numbing tedium of hanging around Munich airport, T.T. and I started playing “Any-Letter Airport Code”. It’s a reasonably pointless game – but a great time killer – in which you take turns to come up with a three-letter airport code containing a letter from anywhere within the previous code (i.e., not just the last letter, like in similar party games).

It turned out to be quite fun. Here’s what we got:

MUC-DME-MAD-DBX-LAX-LHR-FRA-PUN-DUB-BRU-BCE-PEK-PKC- (and this is where it got trickier! But we got there!) -KUL-CUN-NAS-SVO-SFO-OGZ (I thought I’d beaten T.T. here for sure, but then he comes back and finishes me off!) – ZUR! Eeh, the things you (we) do when bored, eh? :)

It was just then that a stewardess approached us and told us to switch off all our electronic devices in a thick German accent that brooked no opposition.

Any-Letter Airport Code got me thinking: we could set up and organize a large-scale, multi-participant game of “Boarding Pass Bingo”! The idea is pretty straightforward:

More: A very weird game! No cheating possible …

Worse than Cheese: Scary Scenarios Causing Nightmares Now – the Five Main Issues of IT Security.

I recently found myself wondering how many interviews with the press I do every month. Of course the totals vary fairly helter-skelter between months, but in the busier periods the number can get anywhere up to 70! And that’s only spoken interviews, i.e., those done in person or over the phone. If I were to also include e-mail interviews – the number would be just silly.

But I don’t complain. In fact just the opposite – I love interviews! Which reminds me of Richard Branson and his simple rule about interviews: “If CNN rings me up and wants to do an interview with me, I’ll drop everything to do it.” I also follow this rule – to the letter – and not without good reason.

Most interviews are what you’d expect. I get asked lots of questions, I answer them as best I can, and that’s about it.

But in a very few rare instances I get interviewed by a really well read-up journalist, meticulous to the point of hair-splitting, who not only knows all about me and KL and what we do, but also all about the particular narrow topic the interview’s about. By the end of the allotted hour I’m exhausted, the mind’s pretty much frazzled, and I feel like my very soul’s been extracted together with my long-winded answers to the sophisticated questions.

These are the trickiest and most trying kinds of interviews, but also the most useful. Why? Because during such intense sessions the gray matter inside the skull shifts up a gear or three and really gets to work, thinking in new ways and approaching familiar topics from fresh standpoints – to such an extent that after the end of the interview the momentum keeps the ideas coming, leading to all sorts of new insights. All really quite fascinating how creative cognition comes about. And all kicked-off by super-sharp reporters doing their job masterfully. Respect due. And a thank you!

Curiously, what unites such “special” interviews with regular ones is an inevitable question about the most pressing IT Security issues today – something like: “What keeps you up at night (in terms of IT Security hazards)?”! And I don’t get asked this all the time just by journalists in interviews. The question pops up at practically every IT conference I speak at.

And so: as promised earlier, here I’m presenting my List of the Five Main Issues Facing IT Security, in the broad sense of the term.

I should say straight away that I don’t have prescriptions for solving all five issues. The aim of this post is more to identify the problems, let you start to muse on them, and hopefully draw you into the fold of their ongoing discussion by raising your interest, empathy and/or sympathy!

Right, here’s my list:

  1. Privacy
  2. Internet Passports
  3. Social Networks
  4. Cybercrime
  5. Cyberwarfare

More: getting into details …

On The Flight Path.

Another crazy round-the-world tour is at an end.

The first half of the year is coming to a close – and we’ve spent much of it on the move. Our travels have been pretty intense. We (TT, KA, me – EK – and others) began our latest globetrotting stint on 2 May. We’ve managed to do a lot of things, sometimes just to satisfy our curiosity, and we’ve heard some interesting tales along the way. It’s been useful, action-packed, and at times even mind-blowing.

The route was as follows:

More: SVO-GVA-NAS-DFW-BNE-MLB-SIN-CTA-BLQ-FCO … OMG!