Eugene Kaspersky and other senior Kaspersky executives talk to SC editor Paul Fisher from the Virus Analyst Summit
This was all part of the action at the Summer 2009 Kaspersky Virus Analyst Summit, held in the ancient city of Dubrovnik, Croatia. I was part of the group of security and IT focused journalists invited to spend three days with Kaspersky's top brass and senior analysts.
Of course, charismatic CEO and driving force of the company Eugene Kaspersky was there to lead the troops and charm the journalists. I got a slot with Eugene on the first evening of the get together. The ever-present grin was there of course. So was the handsome looking cigar that Kaspersky puffed on through our interview, that he decided should take place on the balcony of his sumptuous corner suite.
What I really wanted to know was what he and Dmitry Medvedev had talked about when the Russian President visited Kaspersky HQ recently. Did they talk about cybercrime?
"Sadly no, there wasn't time. But I have had previous talks with high level [Russian] police officers and surprised to see that they understand the problem and are okay to co-operate with other countries. They understand that it is an international problem and I am sure the President understands that also,” he says.
Cybercrime is a theme that Kaspersky returns to frequently and he feels that the existing international police forces, such as Interpol, are still lagging behind in expertise.
"There will have to be some kind of international organisation or perhaps a new department within Interpol. We are dealing with a criminal ecosystem that knows no boundaries and where the victim may well be the endpoint of a sequence of events that take place continents apart.
Are we in danger of losing the fight against the gangs, and who are they anyway? "It's an arms race – sometimes we are ahead, sometimes we are losing. Without internet passports, without an internet government we can't fight these guys. A lot of these criminals are very well educated and a lot of these criminals are from Russian speaking countries, Russia, Ukraine, Kurdistan"
However these criminals are emphatically not the traditional kind of gangsters as depicted in countless movies and TV shows. The traditional mafias are not smart enough to get involved in cybercrime it seems. They don't understand how this business is run, according to Kaspersky.
"The cybercrime ecosystem is very loose. They don't have ‘bosses', they don't know each other, they don't meet, they have complimentary networks. They are IT people - the idea that they could beat people up is unlikely!" he says.
Of course, without these criminals Kaspersky Lab and its rivals would not have a business and the last year has been very good for Kaspersky, especially in the US consumer market. Surely the real prize though is the enterprise market and taking on Symantec and McAfee?
"Of course!" he says, emphatically. "I fired two CTOs before we got the enterprise product right! But it's a different market - it takes time to get established. Enterprise buyers have to have a budget to change from one vendor to another and that can take years. But we are developing the Kaspersky brand. There is no other company with so many experts, so many speaking experts - most of them are at this conference. The enterprise market is not just about good products but also about relationships – we are now developing these services and products to compete with the big guys," he says.
The next day I met with Alexander Gostev, head of the global research and analysis team at Kaspersky Lab. Just 25 years old he knows more about viruses and their behaviour than probably anyone on the planet. He patiently answered my questions around what I still think is an exaggerated threat of mobile viruses - i.e. an epidemic that never happens. But it could be about to change.
“We've seen an increase in Trojans, which is a copy of the situation we saw with the PC, worms to Trojans. The mobile networks can control worms because they are passed on networks but they can't control Trojans,” he says.$0$0So why so much complacency, such as mine? “Because people have heard about it for five years but nothing has happened – they think it is a bit of a myth."
But the new mobile platforms may well prove challenging for the anti-malware vendors and end the myth as Gostev explains. "Android is much more vulnerable to viruses because it is so open – whereas the only way to legally install an iPhone app is to buy it from the App Store where they have been checked by Apple. But even then Apple will put legal and copyright matters before security. It will only be a year before we see malware for Android. There will be an explosion of Android devices – netbooks and smartbooks."
There is a certain degree of mutual admiration between virus writers and anti-malware developers - they are after all coders at heart, just on different sides of the track. Indeed when we mention Conficker, Gostev talks in admiring tones.
“It's extremely well-written, the best piece of malware for years, no errors, the code is beautiful. They encrypted the exchange of information between infected machines using MD6 encryption which is a serious level of cryptography."
"But we were surprised with what happened with Conficker. The result of all this hype was just two extremely banal actions – rogue anti-malware and spam. No new worms. No stolen data. Very banal but it all points us back to the fact that it is all about the money," he says.
While Eugene Kaspersky was calling for better co-ordination and structure in international law enforcement, his director of R&D Europe, Maksym Schipka, says more needs to be done by the software vendors to produce secure code.
"It's not security that sells the product it's features. The whole way software is developed needs to change. They need to do more to produce robust code in the first place. There is at least one bug in just 64Kb executable. Even the best achievable result gives five bugs in every 1,000 lines of code - usually 50 are the norm. But even if all the vendors trained developers to the best standards there are more and more and more third party apps that need to be constantly patched," he says.
And that's the real challenge. “The barrier to entry is now much lower than even just five years ago. Microsoft has done a good job of reducing the surface of attack on Windows but the focus of attack is switching to applications, which are exploding in number. The malware writers are not limited by commercial and legal constraints, they're only limited by their imagination,” he says.
We end at least on an optimistic note. The combination of malware and Web 2.0 applications may well be a ‘perfect storm', combining people's gullibility with Trojans and other attacks but it also means that protection is already there according to Schipka.
"This is one area where the endpoint solution actually shines. In Web 2.0 you have the code stream and data stream, which by themselves are not malicious. But at the endpoint they get merged to deliver the payload - but if the AV is there, it's ready to catch it," he says.