Tag Archive for antivirus

Kaspersky’s Intelligent Move

The latest move by Kaspersky Lab is definitely intelligent, perhaps a little too intelligent.

Computer security vendors are beginning to offer integrated cross-platform security for Windows, Mac and Android devices, with Kaspersky Lab leading the pack with its Internet Security—Multi Device 2015. At first glance it looks like déjà vu, as good or as bad malware protection as any other on the market. However, Kaspersky’s has a new feature — it protects all the devices you own, up to five of them. Convenient.

Initial reviews are good: http://www.pcworld.com/article/2459156/kaspersky-internet-security-2015-multi-device-review-new-interface-same-excellent-protection.html

From a business standpoint this makes perfect sense – uncluttering  the security arrangements of your devices and bringing security to one simple point. This should upend the competition that is selling long lines of unrelated programs.

However, there‘s another angle here. The simple truth is that a security system for your computer takes over your computer, whether you like it or not. So when you have a bunch of different security products, each one of them controls only the device for which it is intended.

One of the most reliable means of accessing all data in a computer is via its security system. But, with some technical exceptions, the ultimate targets of most security or intelligence organizations are people, not their computers per se. This means that if someone wants all your data on all your devices, and chooses to do so via your security system, he has to have control of all your security systems. Not too difficult, but certainly cumbersome in a large-scale outfit. Inconvenient.

Here comes a great innovation: one-stop shopping for  all your data – an integrated security system for all your devices. All your data can be obtained via a single security system. Convenient.

It’s not a big secret that Kaspersky Lab has cozy relations with the Russian Government and thus is a valuable resource for the latter. There was a lot of debate related to Kaspersky Lab and their relations to the Russian Government, someone even suggested once that they have a lot of customers and just one client.

I’d prefer to leave that to the reader’s judgment, but simply caution that in any case integrating all your devices via one security system makes you an easier cyber prey, and may be unwise, Kaspersky or not.

 

Symantec Dead Wrong, Again

In a recent Wall Street Journal article Symantec declares the current antivirus products dead and announces their “new” approach to cyber hacking: instead of protecting computers against hacking they will offer analysis of the hacks that have already succeeded.

http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj

This is the equivalent of a pharmaceutical company failing to develop an effective vaccine, and offering instead  an advanced autopsy that hopefully will determine why the patient has died.

At its core this approach is based on two assumptions: 1) that developing effective antivirus products is impossible, and 2) that detecting damage that has already been done is easier than defending the computer.

Let’s take a quick look at both these assumptions.

It’s true, of course, that Symantec, along with a few other cyber security vendors, has failed to develop anti-hacking protection systems, because all these systems were based on the same fatally flawed firewall technology. However, that doesn’t mean such products cannot be developed if they are based on valid new cyber security principles. Cloning for one.

The second Symantec assumption, that they can detect the damage already done, doesn’t look convincing either. It’s hard to understand how one can “minimize damage” when the damage has already been done. Moreover, detecting damage, especially stolen data, is significantly more difficult than the task they have already conspicuously failed at. Modern malware is very good at morphing itself, possibly multiple times, into a variety of forms, splitting itself in several components and hiding in the depths of increasingly complex operating systems.

The bottom line is that it’s true that the currently deployed antimalware technology is dead– but this “new” approach is even more dead. The only likely benefit is that the participants will get a few billion dollars from the Government for their “advanced” research.

Conclusion:  instead of offering a cyber coroner’s facilities we’d be much better off developing fundamentally new technologies.  Essentially, new cyber vaccines.