Malware is no longer mere cyber vandalism; it is a serious, profitable business. The revenue from its creation finances work on the next generation of malware that uses sophisticated programming techniques to bypass operating system protections and evade detection by antivirus scanners. Can antivirus software developers win this race? Can the tools they create still effectively protect against cyber attacks, which today target not only Windows PCs? We talked about these very issues, and not only about them, with Ondřej Vlček, COO of Avast, one of the largest vendors of security software in the world.
Ondřej Vlček has been at Avast since 1995. He started as an ordinary programmer, became chief programmer in 2003, technical director in 2007, and, since last year, chief operating officer. This young and brilliant man is more than a programmer: he is a trained mathematician who specializes in nonlinear optimization methods. This interview is the result of a conversation I had with him shortly after the release of this year's version of Avast Free Antivirus.
dobreprogramy: What do you think about the trend of turning antivirus software into comprehensive security suites? Isn't it better to stick to the KISS principle (Keep it simple, stupid)?
Ondřej Vlček: The KISS principle is always good, and that is why we stick to it in our free tool, Avast Free Antivirus. It uses the same antivirus engine as our premium products, because we believe that all internet users deserve protection. At the same time, we offer our customers comprehensive packages with additional protective mechanisms and features that improve their convenience of use, since there is such a need on the market.
What challenges does Windows 10 pose for software vendors?
No major changes were needed to adapt our products to Windows 10. We only had to slightly modify a few components so that they work properly, but there was no need to make any changes in the behavior or communication of the software as a whole.
What is the real value of traditional signature-based malware detection methods in the modern, increasingly hostile computing environment?
Using traditional methods to detect malware is no longer enough today. At the beginning of our activity we recorded between one and five new pieces of malware per day. Virus writers wrote them for fame. Today we are dealing with organized cyber gangs that draw financial benefits from it. Every day we record 200 thousand pieces of malware, which mutate within days or even hours. They cannot be caught by traditional methods. Since malware has started to resemble Big Data (large, diverse collections of data that cannot be processed and analysed with simple formal means – editor's note), we have to use statistical analysis to detect it.
So can antivirus solutions be replaced by something like the EPP platform, launched recently with much fanfare and advertised as a successor to the security software in use today?
It's nothing new. Some antivirus programs today offer dynamic detection of startup patterns. Avast performs such dynamic detection when a program goes into the sandbox (a safeguard that isolates suspicious software from the operating system – editor's note) and logs of its actions are collected. If they show signs of suspicious behavior, the file is blocked.
Can polymorphic malware (malicious software that modifies its own code to avoid signature-based detection – editor's note) be effectively detected and isolated on weaker computers and mobile devices?
Yes, this kind of malware first appeared in the nineties, when computers were much slower than today, and we still managed to detect it.
What about malware that has begun to attack the antivirus software itself directly? How do you protect against something that actively fights our security?
That's right, antivirus software can be attacked through the gaps and vulnerabilities present in it. That is why we announced bug bounty programs, to patch these vulnerabilities faster (depending on the importance of the discovery, Avast offers from 400 to 10 thousand dollars for a bug found in its software that would jeopardize security – editor's note). Of course, malware also tries to directly damage antivirus files and kill its processes, and that is why Avast has a self-defense module.
What kinds of malware are the most effective today and the most troublesome for you?
From the perspective of antivirus programs, all malware looks basically the same: its form is hidden, encrypted code. Malware changes often, which makes it important for us to issue signature collections as soon as possible in order to protect our users.
How does malware come about today? Which methods of creating malware are the most effective today?
Malicious software is built mostly by groups of experienced programmers. The malware they design is usually wrapped in layers of polymorphic packers and encryption, which change very quickly, posing a challenge for antivirus solutions.
What do you think about the technique known as Return Oriented Programming (an attack method that allows malicious code to be assembled from the instructions of another running program – editor's note)?
It is used to bypass safeguards such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). Today it is used in the majority of exploits, as more and more software is compiled with support for ASLR and DEP.
What is your opinion about the pursuit of isolation and containerisation in modern software, i.e. virtualization, building sandboxes, etc.?
Isolation and containerization are a step in the right direction, because they help to separate processes from each other, reducing the attack surface. However, if the sandbox itself contains errors, malware will escape from it and the whole security becomes worthless.
Today more and more applications use their own sandboxes, so we get multiple layers of security, but is decentralizing the security problem down to individual applications actually a good approach?
It depends on how the security layer is written. As I have already mentioned, if the sandbox has a vulnerability, malware will escape from it and infect the machine.
So can a truly secure general-purpose operating system still be created?
Creating a completely secure operating system is not very likely. However, creating an operating system that is safer than those used today should be possible. On the other hand, security largely depends on users. Lack of knowledge and awareness of the issue makes people victims of attacks that exploit social engineering, such as phishing. These can lead to running malicious software, and in such cases even the most secure system can be infected.
What about formally verified systems such as seL4? (a system kernel in which formal mathematical methods found no errors – editor's note)
I like this approach when applied to specific IT security issues. However, Avast provides protection solutions for millions of people, and therefore we have to look at risks in a more comprehensive manner. Having a small, formally verified kernel is only the beginning of the whole stack of sensitive security issues. Behind these sensitive issues come the possible vulnerabilities or design flaws in the operating system and software. In many cases the user runs an application because he was persuaded that it was a harmless application. The question is what can be achieved by implementing such a specific solution, and what will still be left for the attacker to achieve his objectives, that is, gaining access to the user's data or control over the computer.
You created a version of your security package for OS X. How would you rate the overall level of security of the Macs' system: is it better or worse than in Windows?
In general, the security of OS X is better than that of Windows PCs, but the major reason for this is that it has fewer users, which makes it a less interesting target for attackers. As Macs grow in popularity, however, we see more and more attempts to attack the system.
Is OS X a more difficult environment for an antivirus software manufacturer to work in than Windows?
It depends on the perspective from which you look at it. To create a solution for Macs, you need a different set of development skills and people with Unix experience, since OS X shares a lot of code with FreeBSD. Experience with writing such software for Windows is not enough, because in matters related to security you need to use specific interfaces provided by the operating system vendors. At this point Microsoft is more open and more willing to provide documentation of its APIs than Apple. But the fact is that both platforms are susceptible to threats, and both manufacturers are trying to close and secure their systems on their own. However, neither of them is able to independently detect all threats and protect against attacks, especially those focused on tricking users through phishing and other social engineering techniques. Therefore there is room on the market for specialized security solutions for both Windows and OS X.
If you were a co-creator of Windows, what would you change in it to make it safer?
Windows systems are used around the world. Because of their history and the need to preserve compatibility, for years no significant changes have been introduced into them. I like the approach in which each application runs in its own sandbox and its permissions are clearly defined, as it is in iOS. If there were no exploits, this would solve a lot of problems, though of course not all. So what I would want to see in Windows is applications in sandboxes. We prepared something equivalent to that at Avast. If you have a CPU with hardware virtualization support, a potentially problematic application, e.g. one of unknown origin, can be isolated at startup so that its code cannot affect the operating system, other applications and data.
What do you think about biometric authentication on PCs? Can it ever replace the classic login and password pair?
Biometrics is a good alternative, but the username/password pair will always be needed, if only for emergency situations. For example, if your fingerprints were stolen, hackers could use them to gain access to all of your accounts, and you would rather not go to a surgeon to replace your fingerprints with new ones. Besides, you don't even need hackers here: just think of a situation in which you hurt your finger. The ability to log in to your account with a traditional password is essential.
Do you think the Internet of Things is more of an opportunity or a threat to our lives, both virtual and physical? What can we do to protect these small, unsupported Internet of Things devices from malware attacks?
The Internet of Things is an opportunity. The threat comes from people: both producers and consumers ignore the basic safety principles necessary for this type of product. A serious problem on the Internet of Things are primarily routers, through which the remaining devices connect. Many users are not even aware that their routers have administrative panels in which the default device password should be changed. If your router uses the default password, and that is the case today for more than half of the equipment of this class used worldwide, hackers can easily gain access and the opportunity to take control of the hardware. The same applies to all Internet of Things terminals: if possible, it is imperative to change their default passwords.
The second important issue is vulnerabilities in the routers themselves. Their software is written in low-level code, usually in C, and this means that many of their problems have not been adequately solved; many routers are vulnerable to attack. Another important problem is the lack of automatic updates: it depends on the users whether they log in to the control panel and manually update the firmware. As you might guess, few do.