Emulation: A Headache to Develop – But Oh-So Worth It.

What’s an ideal antivirus? Something that would feature the following:

  • 100% protection from malware;
  • 0% false positives;
  • 0% load on system resources;
  • No questions asked of the user; and
  • Lasts forever and is for free!

Like anything ideal though, this is of course a fantasy – quite unattainable in real life. But it’s nevertheless still worthwhile contemplating since it provides a fixed reference point for security developers: every company can then try to get as close to the ideal as it can within the limits of its financial and professional resources.

More: An important but unheard instrument to combat unknown threats …

Ferrari FF – Flippin’ Fast!

Hi all!

A little about my Ferrari FF test drive…

Now, I fully understand that for the vast majority in this world to drive a Ferrari or in fact any super car is a mere dream, and so my tales about Ferraris and Formula-One races may all seem a bit… politically incorrect – Clarkson style. But when out of the blue the Ferrari plant in Italy invites me over there to have a go in one of their mean-machines – well, I’m hardly gonna turn that down now, am I? And so why not let others know about it too?

Let’s face it, should ever the dream come true for you and you also one day get the chance to get behind the wheel of a Ferrari – it’s not as if you’d keep the experience to yourself, right? You’d tell others – wouldn’t you? :)

Ferrari

More: now with a clear conscience, I’ll continue…

Mobile Barcelona.

Greetings all!

// Note! Warning! Achtung Baby! To all Apple fans – read no further! But if you do, please forget about this post and don’t comment on it!

The MWC (Mobile World Congress) in Barcelona is one of the world’s key mobile events. It’s possible there to discuss the directions of development of mobile technologies, the pace of their expansion and improvement, and generally about industry goings-on.

Mobiel World Congress

What caught my eye this year most of all was what I saw to be the main change in the mobile landscape: the start of the end of the iPhone era. Indeed, it appears plain to me that the (mobile) party’s being rocked mostly by other brands now (a bit like Dubstep rocking formerly House clubs, but without being a flash in the pan:). I won’t go so far as naming those other brands here, but unless you’re a hermit – you’ll know which I’m talking about.

More: the iPhone era is now over …

Tearing Up the Rule Book.

“Tearing Up the Rule Book” is an informal motto we use in our high-level marketing. Looking back over our trip to the South Pole, sponsorship of the Ferrari Formula One Team, enrolling Japanese teen pop sensation AKB48, supporting the recent transantarctic expedition of Felicity Aston, and all sorts of other local events and promotions too, I think it’s fair to say that we pretty much totally tear up the rule book every time one is pushed our way.

And here’s a fresh example. But first a bit on the events leading up to it…

Last September, during one of my regular trips to Japan, my old acquaintance Okatani San invited all our party to a totally exotic restaurant.

The idea was to get all gluttonous on the tastiest of local cuisine – to the accompaniment of traditional Japanese Awa Odori dancing and singing, and then to join in the dancing and merriment ourselves.

Awa Odori

More: Tearing up the rule book at the Barcelona Carnival …

Halt! Who Goes There? Or Remedy #3.

Security people, sysadmins and, generally, all those who by virtue of their employment take loving care of corporate networks – all these people have plenty of headaches. Indeed, a veritable cornucopia of headaches. And, of course, the main source of trouble is… you guessed it, users. Tens, hundreds, even thousands of users (depending on your good fortune) who have problems 24/7. As for us, we try to help these ‘frontline soldiers’ get to grips with their headaches, using the full extent of our resources in our field of competence. Below, we discuss one very helpful remedy that fits this combat strategy to perfection.

There are, in fact, three separate remedies. But they all tackle one problem – keeping users under control. And there are helpful side effects – enforcing a centralized IT security policy, fool-proofing, and automating the ‘donkey work’. That’s right, I’m talking of three new features included in the new version of our corporate solution, Endpoint Security 8: application control, device control and web control. This post is about application control (or simply AC without the DC).

Most of the time it’s a struggle to keep computers clean. Users are given to downloading questionable “cool warez”, installing them, trying them out and forgetting all about them. As a result, in half a year the computer normally turns into an unmanageable software zoo, becoming unbelievably error-prone and slow. And, of course, the abovementioned “cool warez” can easily be virus-ridden, pirated, or at best counterproductive.

There are different ways of getting out of this predicament. Some companies wag their finger at users and strictly forbid them to install software on their computers (without actually enforcing a ban). Others simply make installing software impossible in one way or another. AC is, in fact, an elegant compromise between the two.

Read more: So how does it work and who’s the best?

Features You’d Normally Never Hear About – Part Four.

Hi all,

Once again, the subject is spam.

Depending on the “stars” and the time of year, the proportion of spam can range from anywhere between 70 and 90% of all email traffic.

Sounds like a lot, eh? But when you take all Internet traffic into consideration, it’s not actually that much – email traffic accounts for around just 1%. On the other hand, you can’t just forget about spam. Here is a bit more about spam’s role in the cybercrime ecosystem. Combating this particular evil is part of the massive war we are waging on cybercriminals. It’s no exaggeration to say that if we fail on this front, the rest of our efforts will amount to nothing.

In other words, we love anti-spam technologies and promote them as much as possible. There is, however, a subtle difference from anti-malware technologies. More precisely, there are different criteria for evaluating the quality of protection for anti-spam and anti-malware technologies. For malware it’s fairly easy: the higher the detection level, the better. For spam it’s more important to have no false positives. This is quite reasonable: it’s much better for the user to take a couple of seconds to delete a spam message that sneaks through the filter than miss important business correspondence. So, protection against spam is, in a way, a more complicated task, literally trying to kill two birds with one stone. In this difficult task, cloud technologies are a great help.

As I wrote earlier, we’ve been using cloud technologies for a while, and with considerable success. But one interesting detail has amazingly been overlooked, and unfairly so. In the cloud-based Kaspersky Security Network (KSN), (video, details) there’s a rather impressive anti-spam cloud. It started from the Urgent Detection System (UDS). The link to similar anti-malware technology is no coincidence: both are based on similar principles.

This is how the traditional anti-spam technology works.

Let’s say an email arrives at a computer. It is immediately assailed by various anti-spam technologies, both local and cloud-based, which test the message and give verdicts. Based on these, the system decides whether this message lives or dies.

And this is what happens in the UDS.

The system takes a micro-signature from the email message and sends it to the cloud to check it against a dedicated spam database. Earlier we used 16-byte hashes; in 2011 we started the UDS2 (UDS 2nd generation) procedure involving 4-byte fuzzy hashes, which are more effective against obfuscated texts and are therefore better at filtering out spam. Importantly, these hashes do not create extra work for the analyst, since the system creates them automatically based on collected spam samples.

Read more: Serious ambitions for the elite 100/0 club …

Woodpecker Summit 2012.

The main occasion of our recent series of events in Cancun was the Security Analyst Summit (SAS) – the supreme congress of KL’s most distinguished virus analysts (woodpeckers; why woodpeckers? – see the full story here) and invited external security experts, who come together to boast about their achievements; exchange ideas, opinions and experiences; and, of course, do some informal networking.

Security Analyst Summit

The idea of the woodpecker summit goes back years. Its inception came in 1997 in Prague. We decided to reject the status quo – the usual boring model of what a summit should be about – and rethink the whole idea from scratch. What we came up with was a mostly informal get-together in comfortable surroundings in a distant, original location to discuss our technological breakthroughs. And one such breakthrough happens to have been the basic blueprint of our antivirus engine – named after the Czech capital where it was ‘born’. Clearly something was working with the summit format.

There followed rather a long break, but then in the early 2000s the tradition was kick-started again and these micro-conferences (in which only our employees took part at first) started being held sometimes several times a year. Since then there’ve been 15 of them.

Then in 2009 this tradition was updated and expanded – to version 2.0: transformed into much bigger, non-KL-exclusive, annual “woodpecker summits” in warm climes and with a serious intention to make the summits the main yearly event of the industry. Our latest – the fourth – was in the sunny Mexican resort of Cancun – coming across, I think, as a serious pronouncement of our present status. We had some 100+ attendees from 14 countries, great presentations and plenty of awesome team building. More details are in the guest post below from our Senior Virus Analyst, Yury Namestnikov:

Read more: SAS 2012 unleashed …

A Break Well Deserved – Mayan Style.

With three events (Security Analyst Summit, international press tour, and IT-security industry analysts’ conference) in Cancun over and done with (which completed the last leg of more than three weeks on the road at conferences, etc., etc., etc. all around the world), and the very last guests all having left, a little nostalgia was already setting in for the great times we had in the place… everything was just so very positive, interesting and fun – especially the evenings; extra-specially the Mexican Yucatan nights – yee-ha!

So let me tell you a little about the three ‘best bits’ – what you really must see in Yucatan if you ever get the chance to visit the place.

First – Chichen Itza (the Mayan pyramids); second – Cenote Ik-Kil (for swimming); and third – Rio Secreto (underground caves); not necessarily in that order. All must-visits!

A few pieces of advice: in Rio Secreto it’s better to leave your camera outside the cave – otherwise it’ll just get ruined down there from being submerged in water. But not to worry – every group of visitors to the caves is accompanied by a photographer who knows exactly how to keep his camera dry above water level. There are three different routes in Rio Secreto – all taking approximately 90 minutes to complete – at first by foot, then up to one’s knees in water, then swimming, then… just anyway, anyhow, as best you can :)

Indeed, a massive ‘big up’ to Rio Secreto . And I recommend buying one of the CDs with photos at the exit – the CDs contain great pics of both underground and surface scenes, plus ones of all the wildlife to be found in the caves.

For Chichen Itza you need to take camera equipment, bathing suit, plus towel – that’s about all you need for a great day’s chillage there.

It goes without saying that all the touristy spots are lined with densely packed stalls hawking the inevitable mass consumption tat. “Onnly van dullaar, senyor!”

The pics below show where the Mayas played their ancient version of basketball. Legend has it that one of the teams in the final after the game would be sacrificed for the gods. Which team wound up dead after the match – the winning or losing one – is not known: scholarly opinion is divided on this.

Swimming in Cenote Ik-Kil is one of the most magical swims in the world! The purest water, at the perfect temperature, at the bottom of a kind of deep sinkhole with long dangling plants hanging from high above. I really recommend it. One problem though is that it’s tricky taking good photos there – it’s quite dark below and very light above L.

That’s all folks! And now, for several days I’m going to be in full offline regime, somewhere here:

View from the plane

The rest of the photos are here.