Well, that’s another trip all over the planet completed. Almost a month on the road: Moscow > Washington, D.C. > Colombo > Dubai > Moscow (for half a day) > Brussels, and back to Moscow to maybe do a bit of hands-on management of a little firm called KL! Over the month we took in the following events …
Today I’d like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed “critically important”. Or you could think back to Die Hard 4 – where an attack on infrastructure plunged pretty much the whole country into chaos.
Alas, John McClane isn’t around to solve the problem of vulnerable industrial systems, and even if he were – his usual methods of choice wouldn’t work. So it comes down to KL to save the world, naturally! We’re developing a secure operating system for protecting key information systems – industrial control systems (ICS) – used in industry/infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on.
But first – a little bit of background about vulnerable industrial systems, and why the world really needs this new and completely different approach of ours.
Now, if you’re not too hot on geography, I’m writing this from Washington, D.C., with the D.C. standing for District of Columbia, don’t you know. There’s another Washington – Washington state – on the other side of the American continent, but without the D.C. There’s a Colombia – the South American country; then there’s Columbia University in New York; there’s Columbo – the TV detective fond of beige sack-like raincoats; and to add to the confusion, round the other side of the globe there’s Colombo – the largest city of Sri Lanka (formerly Ceylon), which is where we’re headed today.
Our three days in Washington whizzed past like a film on fast-forward: As per, we were whizzing about all over the place getting to event after event. And I really mean whizzing – just like a (non-D.C.) squirrel in a wheel – unlike the local squirrels here, which royally, haughtily and languidly stroll about parks as if they own them – not the easily-startled beasts I’m used to.
I won’t tell you all about all the events we took part in here – there’s not much point and it’d probably be pretty dull reading! (Note to event organizers/participants – your events were not dull to me :) I’ll just share with you one comment about the Billington Cybersecurity Summit where I got to speak about cyber threats, more info on which you can read here.
I really enjoyed personally meeting a whole lotta highly placed officials at the event and discussing with them in some detail the topic of cybersecurity and fighting computer maliciousness around the world. I was pleasantly surprised by how much these ladies and gentlemen – on whom a lot of US policy and thus security depends – know about the subject, and especially pleased to discover that their positions are very much like mine. Phew.
Work done, come Saturday we were able to get a bit of sightseeing in. We even managed to visit a couple of museums. The National Museum of Natural History we didn’t think too much of – all those dug-up mastodons and dinosaur bones look kind of unconvincing. While the Air and Space Museum… oh yes – that was more like it. All sorts of interesting stuff to see there, from the Wright brothers’ first airplane to the very latest drone. There are Messerschmitts, an SS-20, a Pershing, copies of Skylab and Apollo-Soyuz, and so on and so on. I decided against taking photos – there are plenty on the Internet. But it’s best to see it all in the flesh, of course.
In just a dozen or so years the computer underground has transformed itself from hooliganistic adolescent fun and games (fun for them, not much fun for the victims) to international organized cyber-gangs and sophisticated state-sponsored advanced persistent threat attacks on critical infrastructure. That’s quite a metamorphosis.
Back in the hooliganistic era, for various reasons the cyber-wretches tried to infect as many computers as possible, and it was specifically for defending systems from such massive attacks that traditional antivirus software was designed (and did a pretty good job at). These days, new threats are just the opposite. The cyber-scum know anti-malware technologies inside out, try to be as inconspicuous as possible, and increasingly opt for targeted – pinpointed – attacks. And that’s all quite logical from their business perspective.
So sure, the underground has changed; however, the security paradigm, alas, remains the same: the majority of companies continue to apply technologies designed for mass epidemics – i.e., outdated protection – to tackle modern-day threats. As a result, in the fight against malware companies maintain mostly reactive, defensive positions, and thus are always one step behind the attackers. Since today we’re increasingly up against unknown threats for which no file or behavioral signatures have been developed, antivirus software often simply fails to detect them. At the same time contemporary cyber-slime (not to mention cyber military brass) meticulously check how good their malicious programs are at staying completely hidden from AV. Not good. Very bad.
Such a state of affairs becomes even more paradoxical when you discover that in today’s arsenals of the security industry there do exist sufficient alternative concepts of protection built into products – concepts able to tackle new unknown threats head-on.
I’ll tell you about one such concept today…
Now, in computer security engineering there are two possible default stances a company can take with regard to security: “Default Allow” – where everything (every bit of software) not explicitly forbidden is permitted for installation on computers; and “Default Deny” – where everything not explicitly permitted is forbidden (which I briefly touched upon here).
As you’ll probably be able to guess, these two security stances represent two opposing positions in the balance between usability and security. With Default Allow, all launched applications have carte blanche to do whatever they damn well please on a computer and/or network, and AV here takes on the role of the proverbial Dutch boy – keeping watch over the dyke and, should it spring a leak, frenetically putting his fingers in the holes (with holes of varying sizes (seriousness) appearing regularly).
With Default Deny, it’s just the opposite – applications are by default prevented from being installed unless they’re included on the given company’s list of trusted software. No holes in the dyke – but then probably no excessive volumes of water running through it in the first place.
Besides unknown malware cropping up, companies (their IT departments in particular) have many other headaches connected with Default Allow. One: installation of unproductive software and services (games, communicators, P2P clients… – the number of which depends on the policy of a given organization); two: installation of unverified and therefore potentially dangerous (vulnerable) software via which the cyber-scoundrels can wriggle their way into a corporate network; and three: installation of remote administration software, which allows access to a computer without the permission of the user.
Re the first two headaches things should be fairly clear. Re the third, let me bring some clarity with one of my EK Tech-Explanations!
Not long ago we conducted a survey of companies in which we posed the question, “How do employees violate adopted IT-security rules by installing unauthorized applications?” The results we got are given in the pie-chart below. As you can see, half the violations come from remote administration. By this is meant employees or systems administrators installing remote control programs for remote access to internal resources or for accessing computers for diagnostics and/or “repairs”.
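To make the contrast concrete, here is an added example (my illustration, not KL code) that runs the same set of launch requests through both stances: a signature blocklist for Default Allow and a trusted-software allowlist for Default Deny. The file contents, hashes and the "signature" list are constructed stand-ins, and the categories mirror the headaches listed above, including an unknown, never-before-seen sample that has no signature.

```python
"""Default Allow vs Default Deny application control (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Launch:
    path: str       # where the program was started from (constructed)
    content: bytes  # stands in for the executable's bytes (constructed)
    purpose: str    # what the software is, used only for the report


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed launch requests on one corporate workstation.
LAUNCHES = [
    Launch("C:/Program Files/Office/winword.exe", b"approved word processor", "office suite"),
    Launch("C:/Users/bob/Downloads/game.exe", b"match-three game", "unproductive software"),
    Launch("C:/Users/bob/remote_admin.exe", b"unsanctioned remote control tool", "remote administration"),
    Launch("C:/Temp/dropper.exe", b"targeted dropper, never seen before", "unknown malware"),
    Launch("C:/Temp/old_worm.exe", b"mass-mailing worm from 2004", "known malware"),
]

# Traditional AV: a blocklist of hashes of known-bad files. Only the old
# mass worm has a signature; the targeted dropper has none.
KNOWN_BAD = {sha256(b"mass-mailing worm from 2004")}

# Default Deny: the company's list of trusted software, maintained by IT.
TRUSTED = {sha256(b"approved word processor")}


def default_allow(launch: Launch) -> bool:
    """Everything not explicitly forbidden (by an AV signature) runs."""
    return sha256(launch.content) not in KNOWN_BAD


def default_deny(launch: Launch) -> bool:
    """Everything not explicitly permitted (on the trusted list) is blocked."""
    return sha256(launch.content) in TRUSTED


def evaluate(policy) -> dict:
    """Map each launch's purpose to the policy's run/block decision."""
    return {launch.purpose: policy(launch) for launch in LAUNCHES}


UNWANTED = {"unproductive software", "remote administration", "unknown malware", "known malware"}


def gaps(policy) -> list:
    """Purposes the policy lets run that IT would not want running."""
    return sorted(p for p, allowed in evaluate(policy).items() if allowed and p in UNWANTED)


if __name__ == "__main__":
    for name, policy in (("Default Allow", default_allow), ("Default Deny", default_deny)):
        print(name, evaluate(policy), "gaps:", gaps(policy))
```

Under Default Allow the unknown dropper, the remote-control tool and the game all run because nothing forbids them; under Default Deny only the trusted word processor does, at the cost of IT having to keep that trusted list current.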
There’s an old Russian saying: As you start the New Year – that’s how you’ll spend the rest of it.
And this year started rather well for us: First, we were awarded Product of the Year by the Austrian testing lab AV-Comparatives; second, we broke the record on the number of points from Germany’s AV-Test.org; and third, we secured the top grade from Virus Bulletin in the UK. But after that pleasant start to the year things just got better, with the number of medals on our lapel going up and up and up! There were top marks in comparative testing of our proactive protection by Matousec; we were No. 1 in testing of our Application Control function by West Coast Labs; and we also secured excellent results in testing of our mobile security product (pdf) by PCSL. But we didn’t stop at serial wins with our personal products; we also tore up the competition with our corporate ones; for example, in the August round of testing by AV-Test.org KIS and KES were awarded 17 and 16 points, respectively – both higher than all the other competing solutions.
So, as you can see, in the first eight months of 2012 we’ve had rather a lot of good news. But never enough good news for me to forget to praise our ever faithful and pioneering AV lab (which praise I think it appreciates – so expect more victorious bulletins from the malware front soon!).
On this backdrop of positivity and optimism, the deeper-delving observer might remark, “ok, your antivirus technologies come top-of-the-class across-the-board, but what about your NON-antivirus technologies – the important whistles and bells that add to a solution’s completeness and thus overall usefulness – like for example anti-spam?” All-righty: that’s what I’ll address in this post.
Just recently the results of Virus Bulletin’s VBSpam testing were released in which our new Kaspersky Linux Mail Security (KLMS) – unexpectedly for our competitors but quite expectedly for us – was among the winners – actually second – with an outstanding result of a 93.93% spam catch rate and 0.01% false positives. “Who wants to come second?” might come the refrain from those used to nothing but first place for KL. But in answer I’d say, “I do!” Here’s why…
Kamchatka’s hardly known for its rafting: none of the rivers are all that lengthy – only long enough for three or four days’ rafting at the most. Calm rapids, calm swells. Almost all the rivers I know about here are pensioner-level! Therefore, rafting on Kamchatka is recommended only as an addition to other activities, as a wind-down exercise to allow those blisters a brief respite, and of course to get one’s fill of fresh fish!
Hardy tourists are attracted to Tolbachik in high season like… like office workers to social networks during office hours! But this year there were even more tourists than usual – maybe too many. The Leningrad Base we were staying at was filled with more than a hundred tourists from different countries – with groups from Poland and Germany among others. But this is quite understandable really, since there’s so much to see here. Besides the black-red desert and hills of the Northern Fissure there’s also Ploskiy (Flat) Tolbachik to check out – a must …
Ready. Steady. Go!
This season’s traversing of the globe – rather, the northern hemisphere – has begun with gusto.
First up – Tianjin (天津, “Heavenly Passage, Ford”), China, which is approximately 100 kilometers southeast of Beijing en route to the sea. The city (actually, its central district – along the banks of the river) is really impressive to look at – but not in the more traditional Chinese sense of hustle and bustle and lots of folks and bicycles; instead – one of calm, quiet neat-and-tidiness, plus very few folks – and fewer bikes. Some of the parks are almost like those in… er, a much smaller nearby country, which I’d better not mention just now.
Along the riverbanks there’s a kind of fusion of styles going on here. Looking at the new buildings and bridges you’d be forgiven for thinking you’re in Paris, a bit later on – London; over there there’s a totally-Tokyo (oops) skyscraper, round the corner there was an Italian quarter… (we didn’t manage to see that, or plenty of other places worth checking as we only had an hour for our walkabout). The river is the Hai (海河) btw, which means “sea-river”.
Here we are again. September. The holiday month of August over, and it’s back to work – which for me means back on the road or, rather, in the plane. This season is set to see me doing my usual globetrotting thing, but with the itinerary including some new countries and new events. Goodo, gotta keep some novelty in there! The schedule needs to stay real flexible as plans can easily change real quick, as experience has shown many times. This year I may even break my previous record – or maybe better put, dubious record – of 100 flights made in a year. This year I’ve already notched up 59… (I keep careful count of them, just in case).
But between Kamchatka and the next whirlwind tour, I really wanted to “lay low in MOW” for a few weeks, get my bearings, regroup, ground myself, and all that – and re-familiarize myself with the abode and city I – on paper – reside in. I figured this necessary as I’d started forgetting which switch is for the kitchen and which for the hall! Thus, today – a story and pics about a trip to a really interesting place in the Moscow Region – the Yuri Gagarin Cosmonaut Training Center in Star City. This place is really something – I highly recommend a visit. A day excursion can be arranged where they show and tell you all, let you poke and prod the various exhibits and climb inside the spaceships in which they train cosmonauts (who keep appearing in the hall walking about to and fro, to the delight of the excursioners).
You can clamber inside the reentry capsule of Soyuz in which cosmonauts return back to earth. The guides go into all sorts of detail about space missions and the landing back on earth, about particular cases, and so on and on and on… I won’t tell you it all here. Best see it and hear it all for yourselves in the flesh.