Interview on Let's Talk Computers radio with Andrew Lee, CTO of ESET

Press releases

Andrew Lee, CTO of ESET talks about the newest threats to hit the Internet and gives us invaluable tips and techniques, which allow us to safely surf the Internet without fear of malicious threats and identity theft.  Andrew says, "Get smart. The biggest weapon that you have against malware is your own knowledge."

 

AA: Education plays a major part in being protected against Internet threats. And to tell us why, our guest today is Andrew Lee, Chief Technical Officer with ESET. And welcome back to LTC, Andrew.

AJ: Hi, Alan, it’s great to be back.

AA: Andrew, why is being educated about what kind of threats that could attack us so important?

AJ: It’s pretty simple, actually. People seem to have this idea that the malware threats that are out there are really just a technology problem. But it’s not true. There are things that you can do without any technology whatsoever, to avoid getting caught by it. And it’s just like in real life, if somebody walked up to you on the street and wanted to just give you something that didn’t look quite right, you’d be a bit suspicious, but it seems that when we’re connected to the Internet, we get kind of confused and we get suckered into things too easily. One of my jobs is to make sure that people are educated about these threats out there and can learn what they can do without even having to download any technology or anything at all.

AA: Used to be you know we would get a Virus and we would get some kind of Internet Threat because of something that was installed on our machine. But nowadays, most of this happens because of the human intervention, of doing something that they really shouldn’t have done. Is that true?

AJ: I think that also the motivation for doing this changed. Back in the early days, the people who wrote Viruses weren’t really trying to do anything desperately malicious, they weren’t trying to defraud you. Most of them were trying to show that they could create something that would make CNN or would be on the Wild list. They wanted to make a creation of virus that would spread and they could brag to their friends. So, it was kind of a hobbyist activity. So, what we’ve found now in recent years and the Spyware phenomenon is a direct result of that except people have realized that you can use malicious techniques, you can use the software to actually defraud people, to actually make money. And now that there’s a commercial interest behind a lot of these things, that’s when a serious crime has gotten involved and so that’s when we have a need for people at the groups like the AntiSpyware Coalition and other industry groups who seek not only to educate the public but also influence government and make legislation of these things.

AA: We’re seeing a lot of good people getting hurt because their identity is being stolen, their bank account is being drained and causing all kinds of havoc, aren’t we?

AJ: I was reading an FTC report, (The Federal Trade Commission) and their report calculates that in 2005, around 250,000 people had some form of identity theft perpetrated against them. That’s a really significant number of people. And it might just be that once they had their credit card information stolen. It’s on the rise, identity theft is very real. It’s very inconvenient to people and there are people out there on the Internet who are using Malware techniques to gain access to that type of information.

AA: Well, what are you seeing as the worst (threat) one to come about in the last couple of months that are really attacking us?

AJ: The thing that we’ve really noticed at ESET particularly is that we’ve seen a move away from kind of the mass mailings; the big spreading Worm type of things towards more locally targeted Malware. And what I mean really by that is a lot of these Spyware type objects, the Trojan downloaders, key loggers, that kind of thing. When you actually go to the website, the bad website or whatever it is and you get one of these things downloaded to you in the background, however it comes down or you click on it in your email – it’s actually a different object every single time it’s downloaded and that makes it very, very difficult to detect with an Anti-Virus system, a traditional system that uses signatures. Signatures are there to identify a specific file. And if you’re having it regenerated every five minutes, every minute in some cases, that’s very, very difficult to detect and the problem with that is that the user may have been compromised - they would never know about it because that Worm didn’t spread or that Trojan didn’t spread far enough to ever come to the attention of the anti-Spyware companies or the Anti-Virus company or whatever. If you only ever get one Trojan in the whole world, it’s really such a small event in terms of anti-virus on the whole that people could easily miss it and the criminals have definitely caught on to this idea of auto generating their Malware so that it changes every single time. Kind of like the old idea of having a polymorphic virus that you used to see some years ago so that every time that it would infect a new file the code would change slightly.

AA: Isn’t that where your heuristics takes over because we don’t wait for a signature to come into us? Your heuristics is going to look at what the threat is doing and take it from there.

AJ: The whole idea of heuristics is as you say, to make sure that we can try to pick up on a new threat without having to have a signature for them. And it is really, trying to examine the behaviors of what these things are doing. And we’re trying to put a virus researcher on your machine with the heuristics. So that it can take a look at what the file that has been downloaded or come through your email is doing and if it’s doing something bad, then we’re going to hopefully stop it. So we at anti-virus companies or anti-malware companies have to be a bit smarter about the way that we are detecting. That’s why we have a system of detecting heuristics to make sure that we can pick up that type of threat, even when it’s one file to one user. It’s really important that they get protected from that, as well.

AA: One of the things I always look for in anti-threat software is it’s got to be fast. It’s got to have a small footprint. I don’t want the anti-virus to be the only program that’s running on my system. And it has to get out the way until it does have a threat. And when it finds a threat it notifies me and then we go on.

AJ: I’ve often said that people don’t necessarily buy their computer just to run security software or anti-virus software. Most people have a job to do with their computer, whether it’s just browsing the Internet, writing an email, or whether it’s doing something like design or whatever it is that they do. Their primary concern isn’t necessarily running anti-virus software or running security software, so it’s important that you get something that suits you, that enables you to work, rather than slows you down and becomes an inconvenience because all too often when security becomes an inconvenience, or a real inconvenience, a hardship to actually use it and run it then people disable it because they simply can’t bear to keep it running. So, having something that is very heavy on the performance is bad. It’s something that we’re really aware of from our customer’s point of view. What our customers tell us, the thing that they like about our software is that it is very fast and it doesn’t slow them up too much and that’s something we’re actually committed to keeping up.

AA: In the last month, what threat that you have seen?

AJ: There’s been a lot of news recently about the Worm VB.NEI. Now, that’s the most unexciting name for it. Unfortunately the Media kind of took that and ran with various names and I think people were really quite confused. Is it called Kama Sutra, is it called Blackmal, is it called Nyxem? But that was the one that made news. The potential for damage was there, but it wasn’t such a great threat that it was made out to be, but these threats make the news. They make the Media.

AA: Sometimes we see the news present us these new viruses, new threats, and they could overblow it and now we’re trying to protect our system from something that’s non-existent and we could do more damage by yelling fire in a crowded theatre than just allowing the software to do its thing.

AJ: This is why I really believe that education is so important. The greatest weapon that you have against Malware is your own knowledge. If you can work out the difference between the Media hyping a virus or between something that is really not a big threat and the threats that are really out there, then you’ve got an advantage because you know that you really don’t have to worry about this one but you need to worry about this other thing. Actually as Anti-Virus companies we knew about the thing four weeks before it hit the news. But the fact that the activation date was going to be the 3rd of February was really what put it back into the Media’s attention. In most cases, the people who had anti-virus software installed would have had protection in place. As long as it was updated they would have been protected from that Worm. So, it wasn’t anything to worry about. What I always worry about is the people who just don’t have any protection at all. And part of being smart on the Internet, part of being wise on the Internet is making sure that you at least have the bare minimum of protection. You don’t go out and just leave your front door wide open when you go to the mall or whatever. You’re asking to be compromised, so most people would have enough sense to take precautions in the physical world and yet it seems that when we get online, we forget about things like security because we’re isolated from it somehow because we’re just sitting at a screen and we can’t see the rest of the world out there.

AA: We talk to a lot of people at the user groups and one of the things they are constantly asking us is “What should they look for in a really good product to protect them?”

AJ: Having a legitimate anti-virus program that comes from a company that’s well-known that gets tested in magazines like Virus Bulletin, that appears in legitimate tests done by let’s say AV-Test.org, that kind of thing. If the Anti-Virus program has got a history, it’s got certification by ICSA labs, it’s been tested. You kind of know that it’s a legitimate company that’s making it. That’s one thing. The next thing probably is how frequently is it updated? Are these people serious about keeping the product updated? Does it have good detection results? And too often it’s a focus on the numbers game, “Well, we detect 60,000 viruses! We detect 70,000 viruses! We detect 132,000 viruses!” That’s not a qualitative assessment of an anti-Virus product. I could detect 135,000 files, but I wouldn’t necessarily have a good anti-virus product. It’s really about what the approach is. We obviously believe that having something like heuristics is absolutely essential and the heuristics is there to protect you when the new things come out, when the new threats come out. And having signatures as a backup because those new threats don’t just disappear, they just don’t go away. You need to have the signatures there for a retrospective backup so that if things come through you’ve got protection against them. Do your checking, find out if it’s a legitimate company, take a look at some of the testing organizations, people like the Virus Bulletin. As you know, NOD32 has won more Virus Bulletin Awards than any other anti-Virus product.

AA: Talking about being educated on all the different threats you have a special section there called Virus Radar that is dedicated to telling us about the new threats that are out there.

AJ: It’s something that we’ve developed to try and help us, really because we need to know about the threats that we’re detecting heuristically as well. And it’s very interesting data for us, we thought it would be useful to the public as well, so you can go to virusradar.com and you can take a look at the types of threats that we’re seeing out there, but we’ve also implemented the same kind of thing into the product itself, with the ThreatSense.Net technology which allows reporting. If the user wants to be part of that they can opt-in to the reporting part of it, and that gives us an even better picture of the threats that are really out there and what’s really happening in the world of malware.

AA: If you have just one piece of advice that people are just going out and buying their computers, what would that be?

AJ: That one piece of advice would be this. Get smart. The biggest weapon that you have against malware is your own knowledge. And if you do the research, get smart about the threats that are out there. You can take a look at our website, there’s a lot of information there; there’s lots of information on other websites. There are definitions and things on antispywarecoalition.org. That’s a great website; it has lots of definitions of things. Having a bit of common sense about how to work safely on the Internet – things like if something comes in email, don’t just double-click on a random attachment that you got. Don’t go and browse a lot of different sites, and try to get the free smilies or try and get the free iPod that they’re offering you because you don’t know what else is going down onto your machine. And the old saying, “There’s no such thing as a free lunch” is absolutely true. You’re not usually going to get anything for free. If you can get educated about the threats then you will be better equipped to deal with them and make sure that you use the technology for that, run them and make sure that you use them and keep them updated consistently. It’s really about trying to develop some education about what you’re doing on the Internet, how to work safely, how to be safe, how to do things to reduce the risk and then having the technology on top of that, things like Anti-Virus, things like heuristics, having all of those things in place on top of your own personal knowledge about the subject is going to make you much, much safer.

AA: Andrew, it’s been our pleasure to have you as our guest here on Let’s Talk Computers, talking about the need for being educated about these Viruses and Threats and hope to have you back on the air again real soon.

AJ: It’s been my great pleasure. Thanks very much, Alan.
