I haven’t seen the sixth Mission Impossible movie – and I don’t think I will. I sat through the fifth – in suitably zombified state (returning home on a long-haul flight after a tough week’s business) – but only because one scene in it was shot in our shiny new modern London office. And that was one Mission Impossible installment too many really. Nope – not for me. Slap, bang, smash, crash, pow, wow. Oof. Nah, I prefer something a little more challenging, thought-provoking and just plain interesting. After all, I have precious little time as it is!
I really am giving Tom Cruise and Co. a major dissing here, aren’t I? But hold on. I have to give them their due for at least one scene done really rather well (i.e., thought provoking and plain interesting!). It’s the one where the good guys need to get a bad guy to rat on his bad-guy colleagues, or something like that. So they set up a fake environment in a ‘hospital’ with ‘CNN’ on the ‘TV’ and have ‘CNN’ broadcast a news report about atomic Armageddon. Suitably satisfied his apocalyptic manifesto had been broadcast to the world, the baddie gives up his pals (or was it a login code?) in the deal arranged with his interrogators. Oops. Here’s the clip.
Why do I like this scene so much? Because, actually, it demonstrates really well one of the methods of detecting… unseen-before cyberattacks! There are in fact many such methods – they vary depending on area of application, effectiveness, resource use, and other parameters (I write about them regularly here) – but there is one that always seems to stand out: emulation (about which I’ve also written plenty here before).
Like in the film, the emulator launches the object being investigated in an isolated, artificial environment, which encourages it to reveal its maliciousness.
But there’s one serious downside to such an approach – the very fact that the environment is artificial. The emulator does its best to make that artificial environment as close as possible to a real operating system, but ever-smarter malware still manages to tell it apart from the real thing; the emulator then observes how the malware recognized it, regroups and improves its emulation, and on and on in a never-ending cycle – which regularly opens a window of vulnerability on a protected computer. The fundamental problem is that the emulator tries its best to look like a real OS, but never quite manages to be its spitting image.
On the other hand, there’s another solution to the task of behavioral analysis of suspicious objects – analysis… on a real operating system – one on a virtual machine! Well why not? If the emulator never quite fully cracks it, let a real – albeit virtual – machine have a go. It would be the ideal ‘interrogation’ – conducted in a real environment, not an artificial one, but with no real negative consequences.
Last year I told you how, as part of our Global Transparency Initiative, we had plans to undergo an independent audit to receive SOC 2 certification. Well, finally, we can announce that we did undergo this third party audit… and passed! Hurray! And it wasn’t easy: it took a lot of work by a great many of our K-folks. But now that’s all behind us, and I’m very proud that we’ve done it!
So what does this mysterious SOC abbreviation stand for, and (whatever it may be) why is it needed?
Ok. The abbreviation stands for Service Organization Controls, and SOC 2 is a report based on the ‘Trust Services principles and criteria’ of the American Institute of CPAs (AICPA) [CPA: Certified Public Accountants], which evaluates an organization’s information systems relevant to security, availability, processing integrity, and confidentiality/privacy. Put another way, this is a (worldwide recognized) standard for audits of information risk control systems. Its main aim is to provide information on how effective a company’s control mechanisms are (so other companies can assess any risks associated with working therewith).
We decided to seek SOC 2 to be able to confirm the reliability of our products and prove to our customers and partners that our internal processes correspond to the highest of international standards and that we’ve nothing to hide. The audit for us was conducted by one of the Big Four accounting firms (I can’t tell you which as per the respective contract’s terms and conditions, in case you were wondering). Over the past year different K-departments have been working closely with the auditors sharing with them all the information they’ve needed, and that includes R&D, IT, Information Security, and our internal audit team.
The final report, which we received this week, confirms the soundness of the internal control mechanisms used for our automatic AV database updates, and also that the process of developing and launching our antivirus databases is protected against unauthorized access. Hurray!
And if you’re a customer, partner or state regulator, please get in touch if you’d like to see a copy of the report.
That’s all for today folks, but I’ll be back tomorrow with a quick rewind back to STARMUS and some more detail of the presentations thereat.
You may have already heard about the big change at the Kompany last week. However, big changes are nothing new to us! Ever since we began 22 years ago, it’s been non-stop change, change, change — and always for the better, naturally. Change has basically become our profession! Here’s why…
If we don’t understand the direction technology’s developing in, that hardly bodes well for the future. And I don’t mean because nobody will buy our products. Maybe there’ll be no one around to buy them in the first place!
Joke :)
I’m sure everything will work out just fine. Technology’s changing the world for the better. Sure, new possibilities bring new risks, but it’s always been that way.
But our job, accordingly, is to look into the future: to recognize risks, remove them, and prevent them from arising again. Otherwise, defenses will always be a step behind attacks, which is no defense at all. In the cybersecurity industry, you need to be able to anticipate what cybervermin have in mind and set traps in advance. Actually, this ability has always set us apart from our competitors. Remember NotPetya — one of the most infamous global epidemics of recent years? We caught it out proactively, without the need for any updates.
So crucial is this looking into the future, that we decided to launch a social media project based on it, called Earth 2050.
What is Earth 2050? It’s a totally open crowdsourcing (sorry for the trendy jargon) platform for looking into the future. By that I mean it’s a place where anyone at all — be they a minister or a street sweeper — can share their vision of the future, in writing or painting or graphics or whatever. Or, if you’re not into clairvoyance yourself, you can Like and comment on the predictions of folks who are. There’s something for everyone.
Looking into the future is important. Yes, we’ve got that. But why is all this openness so clearly important that it forms the basis of Earth 2050?
Well, the future’s difficult to predict. One person’s attempts have a good chance of turning out to be off the mark — and that’s understandable and natural. But predictions about the future by many people — even if they’re only partly accurate, and even if they’re a bit sketchy or contradictory — add up to a lot more accuracy. It’s a bit like the principle of machine learning. The more a machine learns, the better it’s able to do something — in this case, predict the future.
So far, nearly seven dozen visionaries have uploaded nearly 400 predictions to Earth 2050 — and some reeeaaal interestingly curious ones are in there, I have to say.
Once upon a time, long, long ago, we had a pet pig. Not a real one – and it didn’t even have a name – but its squeal became a famous one. Now, those of you who’ve been using Kaspersky Lab products for decades will no doubt know what I’m referring to. For the relative newbies among you, let me let you in on the joke…
In the cyber-antiquity of the 1990s, we added a feature to our AV product: when it detected a virus, it gave out a loud piggy-squeal! Some folks hated it; others loved it!
But after a while, for one reason or another, eventually the piggy squeal disappeared; incidentally – as did the ‘K’ icon in the tray, replaced by a more modern and understandable symbol.
Now, any good company has a circle of devoted fans (we even have an official fan club), and we’re no exception. And many of these fans down the years have written to me imploring us to ‘Bring back the pig!’ or asking ‘Where’s the ‘K’ in the Taskbar gone?!’
Well not long ago, we figured that, if that’s what folks want, why not give it to them? And since these days customizing products is really simple… that’s just what we did. So, herewith, announcing…
… the return of the piggy! :)
Right. So how do you actually go about activating its squeals and bringing back the ‘K’? Here’s how:
One of the most recent versions of our personal products added an update (19.0.0.1088(e)), which, btw, is internally codenamed ‘K icon and pig’! And the update works for all our personal products: KFA, KAV, KIS, KTS, KSC and KSOS.
All this talk of piggies and Ks… but might they affect the quality/ speed/ efficiency/ effectiveness/ whatever of our products? Simple answer: no – in no way at all. Nice. Right – back to all this talk of piggies and Ks…
Here are the instructions:
Make sure you have update 19.0.0.1088(e) or later, with the default settings applied;
Make sure you have Windows 7 or older (for example XP) (sorry folks, this doesn’t work on Windows 10);
Right-click on the product’s icon in the Taskbar, choose ‘About’, and here we apply some magic…
Now type IDKFA (in caps, like here);
Next – download a test file (a file that pretends to be a virus): eicar test file;
The file won’t download though (the product blocks it in the browser), and instead of the download window opening – you guessed it: piggy squeal;
You can change the icon in exactly the same way, only you need to type IDDQD instead of IDKFA. Btw: if you type it a second time, the icon will revert back to the standard one.
And if you’re wondering why on earth you need to type IDDQD or IDKFA, check this out ).
So there you have it. The pig is back. As is the K! Well, we had to make up for the ‘Lab’ being dropped, right? )
About five years ago we launched an interesting project – our own Business Incubator. Why? Because there are a lot of great ideas out in the wild that need nurturing to grow and develop into something great. And we have the resources to help them do this! So we’ve been scouting for cool innovative ideas and giving startups ‘wings’ to fly.
One of the most successful examples of projects from our Business Incubator is Polys, launched in 2017. It’s an online platform for electronic voting based on blockchain. I’ve already mentioned it in this blog. But briefly: it’s safe, anonymous, unhackable, and what I think is more important – very easy to use and suitable for any kind of voting. I personally believe that the future of voting is indeed online and blockchain. Polys has already been officially used by Russian political parties, student bodies, and regional government organizations. And I’m sure that these are just the first steps of this KL nestling.
We’ve another up-and-coming Incubator project on board – Verisium. This is an IoT platform for customer engagement and product authentication. Especially needed in the fashion industry, it helps fight the counterfeiting of luxury products, and gives brands the ability to track product lifecycles and gain marketing insights into how products ‘live’ and perform. Verisium has already launched a number of joint projects with Russian designer brands – involving clothes with NFC chips on blockchain.
However, though it’s doing really well, the Incubator wasn’t enough for us. So we decided to scale up the way we work with startups and innovative companies, while focusing on something we know rather well… cybersecurity!
At the end of May (so, in a matter of days) we’re launching a new program that will run globally – the Kaspersky Open Innovations Program. We’re doing it to build an ecosystem that allows for transparent conversation and fruitful collaboration between businesses and innovative cybersecurity companies around the globe.
To start off, we’re launching a global startup challenge. We’ll be looking for startups that already have products, or MVPs, or even prototypes; we’ll be looking for those who already have something to sell, or already have had some sales and now need more. Since we’ll be neither investing in these companies, nor acquiring them, we’ll keep the focus on finding solutions that can truly benefit from being embedded with our technologies or integrated with them to maximize protection capabilities.
Another goal will be to take the results of our collaboration with startups – and their many new innovative products, solutions, services, etc. – to companies of different sizes around the world.
So, if we’re not investing and not acquiring, what are we actually offering? As a global company, we’ll help startups scale up globally by supporting their further product and business development. But probably most importantly, we’ll be providing an opportunity for startups to build a partnership with us and a chance to sit at the same table with the big guys and global companies.
Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…
And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…
So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules has little chance of productivity degradation. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?
That out of the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…
Many folks still think we’re just an anti-malware company. Wrong!
Many folks think we’re an anti-malware company that protects their computers and smartphones from any and all kinds of cyber-evil better than anyone else. Right!
Thing is, we’re not just an anti-malware company anymore; far from it. For years already we’ve been providing broader cybersecurity in the face of the ever-broader spectrum of cyber-bad that the world is coming up against. This includes protection against cyberattacks on both the Internet of Things and industrial facilities.
We’ve been warning about the potential for cyberattacks on industrial objects and critical infrastructure for more years than I can remember now. We were banging on about it even before Hollywood got wind of this alarming potential, and that was in the mid-2000s. And we weren’t just banging on about it either; we were busy at work on serious protection technologies to fight it. I’ve mentioned these before, but, briefly: industrial cybersecurity, transportation cybersecurity, IoT protection, and our own secure operating system. And you won’t find many cybersecurity companies around the world that offer a range of products and technologies as wide as that.
All the same, today – in 2019! – we’re ‘that anti-malware company’ to a great many. However, very slowly, how we are perceived is changing. And that’s not just what I see myself – there are figures that prove it. Example: global sales of our industrial infrastructure solutions (KICS – industrial ‘antivirus’ :) ) grew in 2018 by 162%! And such growth was seen across nearly all regions – Europe, Latin America, the Middle East and Africa, Asia-Pacific, and Russia. We’ve already completed 80+ projects worldwide for a wide range of industries, from power generation, mining and oil refining to beverage production.
Both the scale and complexity of threats in the industrial sphere are on the up; what’s more, at stake here is critically important infrastructure like… nuclear power plants. I’m sure I don’t have to tell you how serious that is. On the brighter side, thankfully, our industrial/infrastructure customers understand that protecting their kit requires an individual, tailored approach to each facility and each of its automated industrial control systems (ICS).
Btw, in 2018 our KICS was given as an example in four subsections of multifaceted ‘Operational Technology Security’ in a study by Gartner, the global research and advisory company. To me this shows one thing: that we’re the recognized leaders in the industrial cybersecurity market. Ahhh, that feels satisfying. All that work and investment hasn’t been for nothing!
But besides cutting-edge industrial security, we also have other new services and products. For example, Blockchain Security; specifically, Crypto-Exchange Security and ICO Security (ICO being ‘initial coin offering’; like an IPO, only with cryptocurrencies, and mostly for startup companies). And we already have some successful projects under our belt! Which is nice to know since Gartner reckons that the blockchain market, come 2030, will be worth more than… three trillion dollars! Already today crypto-exchange turnover comes to more than 300 billion dollars, out of which around 1.2 billion was stolen… in just 11 hacker attacks. Looks like we’ve got our work cut out for us. Oh well. No rest for the wicked awesome ).
So what else have we in our box of tricks? Ah yes…
Now, you’ll know how the whole world these days buys, sells, and generally does business mostly online, right? What you may not know about is our solution to protect all that online business – our Fraud Prevention. It’s made up of all sorts of very cool security technologies, including behavioral biometrics and machine learning (details here and here).
Another must-have for business is our DDoS Protection. This uses special sensor software that gets installed on a company’s server. It monitors traffic to collect data for behavioral analysis; it builds up this data to continually improve its ability to detect even the most subtle of behavior anomalies that are characteristic of the start of a DDoS attack. The service is full-on all-inclusive too: notifications are sent immediately about possible attacks, and there’s an option for all the traffic of a company to be redirected to KL’s Cleaning Centers and for only ‘clean’ traffic to be returned to the company. And after an attack a full report on its detailed analysis is sent to the company.
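To make the sensor idea concrete, here is an added illustration (my own sketch, not the code of Kaspersky DDoS Protection) of how a server-side sensor can learn a per-second request-rate baseline from ordinary traffic and flag the first seconds of a volumetric surge; the log format, addresses and timings are all constructed, and anomalous seconds are deliberately kept out of the baseline so a flood cannot quietly raise it.

```python
# Added illustration, not Kaspersky's DDoS Protection sensor: a minimal traffic sensor
# that learns a per-second request-rate baseline from normal traffic and flags the
# first seconds of a volumetric surge. Log format and all sample values are constructed.
import math
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Common-log-style line: <src> - - [<timestamp>] "<request>" <status> <bytes>
LOG_LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source address, timestamp truncated to the second) or None if unparseable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT).replace(microsecond=0)
    return m.group("src"), ts


@dataclass
class RateSensor:
    """Exponentially weighted mean/variance of requests per second, used as the baseline."""
    alpha: float = 0.2      # smoothing factor: how fast the baseline follows recent traffic
    threshold: float = 4.0  # z-score above which a second is treated as anomalous
    warmup: int = 5         # seconds learned before any alert may fire
    min_rate: int = 20      # absolute floor, so a quiet site's tiny jitter never alerts
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0

    def _learn(self, count):
        if self.seen == 0:
            self.mean, self.var = float(count), 0.0
        else:
            diff = count - self.mean
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1.0 - self.alpha) * (self.var + diff * incr)
        self.seen += 1

    def observe(self, count):
        """Score one second's request count against the baseline; return (z, anomalous).

        Anomalous seconds are not learned, so a flood cannot drag the baseline up
        and silence the detector a few seconds into the attack."""
        if self.seen < self.warmup:
            self._learn(count)
            return 0.0, False
        std = math.sqrt(self.var) if self.var > 0 else 1.0
        z = (count - self.mean) / std
        anomalous = z > self.threshold and count >= self.min_rate
        if not anomalous:
            self._learn(count)
        return z, anomalous


def detect_surge(lines, sensor=None):
    """Bucket log lines per second, feed counts to the sensor, return one alert per anomalous second."""
    sensor = sensor or RateSensor()
    sources = defaultdict(set)   # second -> set of source addresses seen in it
    counts = defaultdict(int)    # second -> number of requests
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, ts = parsed
        sources[ts].add(src)
        counts[ts] += 1
    alerts = []
    for ts in sorted(counts):
        z, anomalous = sensor.observe(counts[ts])
        if anomalous:
            alerts.append({"second": ts, "count": counts[ts], "z": round(z, 1),
                           "distinct_sources": len(sources[ts])})
    return alerts


def constructed_log():
    """Constructed sample: 12 s of ordinary browsing from a few clients, then a 3 s flood
    of 80 requests/s from 80 distinct addresses (documentation ranges, not real hosts)."""
    def fmt(src, ts, req):
        return f'{src} - - [{ts.strftime(TS_FORMAT)}] "{req}" 200 512'
    start = datetime(2019, 5, 20, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for sec, n in enumerate([4, 5, 3, 6, 4, 5, 4, 3, 5, 4, 6, 4]):
        lines += [fmt(f"198.51.100.{10 + i}", start + timedelta(seconds=sec),
                      "GET /index.html HTTP/1.1") for i in range(n)]
    for sec in range(12, 15):
        lines += [fmt(f"203.0.113.{i + 1}", start + timedelta(seconds=sec),
                      "GET / HTTP/1.1") for i in range(80)]
    return lines


if __name__ == "__main__":
    for alert in detect_surge(constructed_log()):
        print(alert)
```

In the constructed sample the baseline settles around 4 to 5 requests per second, so the first flood second scores far above the z-score threshold and all three surge seconds are reported with 80 distinct sources each.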
It’s all very well having all this super-duper cyber-tech, but what good is it if the human element isn’t taken into account? In crisis situations, the PR people of an attacked company often make far from the best decisions, since they don’t really know what’s going on or what to do. Instead of minimizing damage, they make it worse with ill-advised announcements or – worse – by not announcing anything to customers/the public. Therefore, we have KACIC – a set of anti-crisis communications tools backed by the whiz kids in our PR team, who understand better than most all the reputational risks of an attack on IT infrastructure. Forewarned is forearmed!
As the Fourth Industrial Revolution continues to develop and the IoT market grows and grows to change every sector of the economy (manufacturing, agriculture, commerce, urban infrastructure, transportation…), we’re putting lots of time and investment into transportation cybersecurity and protection of IoT devices; so much so I think our next breakthrough tech solutions will be in these fields. That time and investment runs parallel with my frequent calls for a thing I call ‘cyber-immunity’, which needs to replace what we have now – ‘cybersecurity’. This means a protective layer at the very core of system architecture, not one placed on top of essentially insecure systems based on outdated technologies. We’ve already learned how to do this for IoT gadgets; next up – well, the sky is the limit!…
“Online voting – it’s the only thing that’ll save democracy, since the younger generations will only vote if they can do so online”. This is something I’ve been saying for years now. Younger generations – ‘digital natives’ – are used to doing a great many things online instead of off-line; it’s what they’re used to and what they prefer, and that needs to be understood, accepted, and embraced. If not, only the folks who have been used to going to polling stations in person will be voting – the older generations: hardly a good, balanced, representative cross-section of the adult population.
Statistics show that voter turnout has been declining steadily in established democracies since the 1980s. Reasons for this vary: there can be crises of trust in the authorities; in some places there are problems with access to voting facilities. There’s even a new social sub-grouping of largely passive participants in the political system: interested observers – folks who are interested in what’s going on around them but don’t get involved in any of it. And this isn’t some tiny, insignificant new sub-group either: in the U.S. it’s said to reach nearly 50% of the adult population! And these interested observers look like the ideal target audience for online voting: folks used to getting news and information from the internet – and that includes of course the younger generations right down to millennials. To have the best chance of high voter turnouts for elections, voting needs to be a simple, natural addition to a typical daily online routine. Social networks – checked; a few photos – uploaded; online purchases – made; (for some) a day’s work performed largely online – done; (for some) online gaming – done; online voting – also done.
Online voting systems around the world have been developing slowly for quite a while. When the first online vote took place I’m not sure, but I do recall how in January 2003 the Helkern worm (aka Slammer) nearly derailed some inter-party elections of a Canadian political party. The first e-elections at state level were those in 2007 in Estonia. Online voting continued to slowly proliferate in other countries, but with differing degrees of success. Why? Because there is the obvious question of security – the high risk of a hack and direct manipulation of the voting process; this issue, btw, has often been raised by critics of online voting. In 2014 a group of experts conducted a penetration test on the Estonian e-voting system. Not only did it find that it was really easy to install malware on the servers of the system, but also that, theoretically, the result of the voting could be changed – leaving no trace of that having been done whatsoever. In 2015 there was the electronic voting scandal in Australia. Here, a New South Wales election used the iVote online voting system, but it was found that around 66,000 votes could have been compromised via a hack of the voting site.
Clearly all the above shows that online voting systems need protecting (authorization, connection, transaction), and that includes the storing and counting of the results (the server/cloud part). This idea came about in our business incubator a few years ago, which eventually led to the introduction at the end of 2017 of the Polys project – a platform for electronic voting based on blockchain.
All data relating to voting (including the final results) are stored not on servers but in blocks of data on the devices of all voting participants, which makes the platform simply unhackable. It provides anonymity of voting, and also permits hiding interim results – the final result becomes known to participants only after all counting is completed. But what’s more important – the Polys platform is convenient, simple, and suitable for any kind of voting – even… to decide what colors the roses should be in the local park! Indeed, the overarching mission of Polys is to bring the pluralism of opinions and happiness for all to the masses :). But don’t just take my word for it. Have a look for yourself! Many agree that the future of voting is blockchain.
And if you think this is all just theory, here’s some fresh news: Polys has been officially used already! In Russia’s Saratov region the local parliament elected deputies for its youth parliament. 40,000 folks voted! And last year the platform was used for conducting similarly-sized voting for Russia’s Higher School of Economics. And I’m sure this is only the beginning…
So there you have it – we’re saving the world yet again but in a new way: protecting voting against fraud. So if you need to run a vote on something, no matter how trivial or how important, and you want to be able to guarantee voters it will be 100% protected, 100% fair – check out the Polys site!
And for those interested in the technical side to Polys – go here; you should find all the answers you need there. In short, have a look, try it (it’s free for now), get a feel for it, and tell your colleagues and friends about it!
Let me kick off by paraphrasing a rather famous philosophical postulate: ‘Does a profession determine man’s social being, or does his social being determine his profession?’ Apparently this question (actually, the original) has been hotly debated for more than 150 years. And since the invention and spread of the Internet, this holy war only looks set to be extended for another 150, at least. Now, I personally don’t claim to support one side or the other; however, I do want to argue (based on personal experience) in favor of the dualism of a profession and being, since they mutually affect each other – in many ways and continually.
Toward the end of the 1980s, computer virology came about as a response to the growing proliferation of malicious programs. Fast-forward 30 years, and virology has evolved (rather, merged – in ecstasy – with adjacent fields) into the cybersecurity industry, which now often dictates the development of IT’s very being: given inevitable competition, only the technology with the best protection survives.
In the 30 years since the end of the 1980s, we (AV companies) have been called quite a few different colorful and/or unsavory names. But the most accurate in recent years, IMHO, is the meme cyber-paleontologists.
Indeed, the industry has learned how to fight mass epidemics: either proactively (like we protected users from the largest epidemics of recent years – Wannacry and ExPetr), or reactively (using cloud-based threat-data analysis and prompt updates) – it doesn’t matter. But when it comes to targeted cyberattacks, there’s still a long way to go for the industry on the whole: only a few companies have sufficient technical maturity and resources to be able to cope with them, but if you add an unwavering commitment to expose any and all cyber-baddies no matter where they may come from or what their motives might be – you’re left with just one company: KL! (Which reminds me of something Napoleon Hill once said: ‘The ladder of success is never crowded at the top’.) Well it’s no wonder we’re in a lonely position (at the top of the ladder): maintaining that unwavering commitment to expose literally anyone is waaaaay more expensive than not maintaining it. And it’s waaaay more troublesome given the ongoing geopolitical upheavals of late, but our experience shows it’s the right thing to do – and users confirm this with their wallets.
A cyber-espionage operation is a very long, expensive, complex, hi-tech project. Of course, the authors of such operations get very upset and annoyed when they get caught, and many think that they try to get rid of ‘undesirable’ developers by using different methods via manipulation of the media. There are other, similar theories too:
But I digress…
Now, these cyber-espionage operations can remain under the radar for years. The authors take good care of their investment – their kit: they attack just a few specially selected targets (no mass attacks, which are more easily detected), they test it on all the popular cybersecurity products out there, they quickly change tactics if the need arises, and so on. It’s no stretch of the imagination to state that the many targeted attacks that have been detected are just the tip of the iceberg. And the only really effective means of uncovering such attacks is with cyber-paleontology; that is, long-term, meticulous collection of data for building the ‘big picture’; cooperation with experts from other companies; detection and analysis of anomalies; and subsequent development of protection technologies.
In the field of cyber-paleontology there are two main sub-fields: ad hoc investigations (after detecting something by chance and pursuing it), and systemic operational investigations (the process of planned analysis of the corporate IT landscape).
The obvious advantages of operational cyber-paleontology are highly valued by large organizations (be they state or commercial ones), which are always the primary target in targeted attacks. However, not all organizations have the opportunity or ability to undertake operational cyber-paleontology themselves: true specialists (for hire) in this niche line of work are few and far between – and they’re expensive too. We should know – we’ve plenty of them all around the world (with outstanding experience and world-renowned names). Thus, recently, given our strength in this field and the great need for it on the part of our corporate customers – true to the market principles of supply and demand – we decided to come up with a new service for the market – Kaspersky Managed Protection (KMP).
Fairy tales and fantasy stories have long dispelled the myth about the invincibility of global storybook power brokers and villains (as for us, for more than 20 years we’ve been busting the very same myth in cyberspace). Every Voldemort relies on security of his diary, his ring, his snake, his… well, I guess you know all about the Horcruxes. And the success of your war on villainy, whether fairytale or virtual, depends on two key qualities: perseverance and intellect (meaning technology). Today I will tell you how perseverance and intellect, plus neural networks, machine learning, cloud security and expert knowledge — all built into our products — will keep you protected against potential future cyberthreats.
In fact, we have covered the technologies for protection against future cyberthreats before (more than once, a lot more than once, and even for laughs). Why are we so obsessed with them, you may wonder.
It’s because these technologies are exactly what makes robust protection different from fake artificial intelligence and products that use stolen information to detect malware. Identifying the code sequence using a known signature after the malware has already sneaked into the system and played its dirty tricks on the user? No one needs that. “A poultice on a wooden leg,” so to say.
But anticipating cybervillains’ patterns of thought, apprehending the vulnerabilities they’ll find attractive, and spreading invisible nets capable of automatic, on-the-spot detection — only a few industry players are capable of that, sad but true. In fact, very few, according to independent tests. WannaCry, the decade’s largest epidemic, is a case in point: Thanks to System Watcher technology, our products have proactively protected our users against this cyberattack.
The key point is: One cannot have too much future cyberthreat protection. There is no emulator or big-data expert analysis system able to cover all of the likely threat vectors. Invisible nets should cover every level and channel as much as they can, keeping track of all objects’ activities on the system, to make sure they have no chance ever to cause trouble, while maintaining minimum use of resources, zero “false positives,” and one hundred percent compatibility with other applications to avoid blue screens of death.
The malware industry keeps developing, too. Cybervillains have taught (and continue to teach) their creations to effectively conceal themselves in the system: to change their structure and behavior, to turn to “unhurried” action modes (minimize the use of computing resources, wake up on schedule, lie low right after penetrating the target computer, etc.), to dive deep into the system, to cover up their traces, to use “clean” or “near-clean” methods. But where there is a Voldemort, there are also Horcruxes one can destroy to end his malicious being. The question is how to find them.
A few years ago, our products beefed up their arsenal of proactive technologies for protection against advanced cyberthreats by adopting an interesting invention (patent RU2654151). It employs a trainable object-behavior model for high-accuracy identification of suspicious anomalies in the system, plus source localization and suppression of even the most “prudent” of worms.