Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
January 24 2009
Alan: Everyone who knows that if you are going to be on the Internet, whether you are banking online, shopping or buying products, or just surfing the Web, you must protect yourself with anti-virus, anti-threat software and have a reliable firewall.
Thus, you install free anti-threat, anti-virus software, thinking that you are saving yourself some money. But, are you really getting a good bargain or is the question you should be asking yourself, “What is the true cost of free anti-threat, anti-virus software?”
Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Hey, Alan. It’s great to be back. Thanks for having me.
Alan: Randy, we are seeing more and more companies offering, “Free anti-virus, free anti-threat software.” We are now even seeing Microsoft joining the pack and giving away free protection software. I mean, how does that affecting the industry?
Randy: Windows Defender actually was their anti-spyware that’s actually built into Windows Vista. However, Microsoft OneCare was how Microsoft first entered the anti-virus industry unless you count what came with .6.2, which was pretty much thought of as a “joke.” OneCare was a paid solution that was almost free, anyway.
There were a couple of years that Microsoft offered that they picked up 2% market share. The biggest effect Microsoft had on the industry was in lowering the prices of anti-virus software for the big players; because McAfee and Symantec have added features to their software and dropped the prices to match Microsoft.
The industry for years had people giving away free anti-virus software and companies like ESET that sell our products based on its quality have been growing and quite well, anyway.
Alan: Microsoft puts out a series of patches the second Tuesday of every month and it seems like the patches just keep growing and growing and these are security problems they find in their own operating system. My question is – How can they come up with a complete protection plan if they are having so many security problems in their own system?
Randy: Nobody comes up with a complete protection plan. The group that works on the anti-virus is entirely different that works on the operating system. And an operating system is a huge thing that means nobody has figured out how to write complex code without bugs in it.
Microsoft’s object and aims with their free anti-virus is just to try to get people who currently not using anti-virus software at all to at least just use something. For those people, regardless of Microsoft’s having security problems with the operating system and all operating systems have security problems. It’s still better for those people to use something rather than nothing at all.
Alan: Well, that’s why I like to trust a company whose sole objective is basically to protect us. ESET builds security software; they don’t build anything else. That’s what they are known for; and that’s exactly what they do.
Randy: True. It is our focus to provide only security software. We do our best to protect our customers and our customers are whom we owe our loyalty to. Microsoft is a publicly traded company, so they have stock and stockholders that they have to answer to. However, ESET has no stock. ESET has to answer to its customers.
Alan: And if you don’t do the job right you don’t have customers. This is not a case where one part of the pie doesn’t work; but business can go on. If you don’t produce a top notch, first class anti-virus solution you are out of business.
Randy: That’s true. If you don’t produce a high quality solution there is little incentive for people to pay for a product when they can get anti-virus software for free.
Alan: You need to have a company behind you like ESET whose sole purpose is to build security software and one of the reasons why I like ESET is that your Corporate Edition that protects big corporations is the same thing that I buy for my Home Edition. There is no difference, is there?
Randy: The only difference is that the Home Edition you update over the Internet; the Corporate Edition you can update over the Internet or a corporate administrator can download the updates and let the internal computers update of an internal server.
Alan: I always try to tell people, “If you are going onto the Internet it’s not like going down to your local mall. But when you go onto the Internet, the Internet is a window to the world and as you are going from site to site, you are actually going country to country and every time you go to a new site, it’s a different set of rules, isn’t it?”
Randy: Oh, absolutely. And even when you go to a single site, it often has links to content that come onto your computer from other websites that you are not even aware of. The Internet was not designed with any security in mind. The Internet was designed to be a full, redundant fail over network of communications.
There wasn’t a thought at that time that time about what if the bad guys get on this. So, we are playing a huge catch-up game trying to create a secure environment out of a fundamentally insecure structure.
Alan: The Internet was designed back in the days where we could blow ourselves up very easily at the touch of a button. Colleges needed to talk to other colleges, no matter what in the world governments did and so they made it almost foolproof so that you couldn’t stop traffic on the Internet. And now we have got it where you can’t stop traffic on the Internet. It is almost impossible.
Randy: They have completely succeeded in making it so that you couldn’t stop traffic on the Internet. You have to stop it on the node, and each computer is a node. You’ve got a computer; you’ve got a node and so you have got to protect your computer.
You will not going to do that with security software alone. It takes a combination of software and education, knowledge.
Alan: When you are talking about protection, you always talk about “protection in depth.” It’s not just having one fence around the house. You’re going to make sure that nobody is going to climb over the fence. This is a case where you have to have layers of defense, don’t you?
Randy: Absolutely. It’s extremely important to have multiple layers of defense. If you only have one layer, then you’ve got one point of failure and if that fails, then you are had. Your computer can be owned.
You need education, which is a layer of defense. You need a firewall; an excellent idea is also to have a router. You need good, strong passwords and you need high quality anti-virus that protects virus and Trojans and rootkits and spyware and adware and all those digital evils.
Alan: If you’re on broadband connection and you’re on DSL, you probably have some kind of router that has some kind of NAT system built in or even a firewall built in. But if you’re on broadband and you’re on cable, you have no protection. When you plug that directly into the back of your computer system, you better have some anti-virus, anti-threat and a firewall built into the computer system, don’t you?
Randy: You still better buy a good router. If you are plugged right into the cable box, you still should buy a router; they have become very, very inexpensive. On sale they can often be found for even less than $20 if it’s not a wireless router. That’s another layer of defense because that will give you the NAT, which helps hide your computer a little bit from the bad guys. Often they have some more advanced firewall capabilities, as well.
I don’t think that the cable companies or DSL companies should sell the boxes that connect your computer to the Internet without also insisting on a router.
Alan: Every time we have any kind of trouble with our connection to broadband on the cable, they always say, “Well, now if you have got your computer plugged directly into the cable box?” And I’m going, “No and I’m going to.”
To me that is just the most ridiculous thing for a company to tell you to do, because at that point if a customer doesn’t have a firewall in their computer system or doesn’t have anti-virus or anti-threat software they have just opened the back door wide open, haven’t they?
Randy: Absolutely. There is nothing between you and the bad guys when you are just plugged into the Internet. It’s not due diligence; you really need to have much better security than a plain direct connected computer.
Alan: It doesn’t take long for the bad guys to get into your computer system; because I’ve see people that have just now gotten a brand new computer and brought it home; connected to the Internet in order to get an update for the operating system – and in the time that they have logged onto the Internet to get the new patches they have already been infected. That’s about how fast it takes, right?
Randy: Yes, it can be less than 30 seconds, easily for an unpatched computer. You definitely need to have the firewall turned on. Windows XP originally had a firewall, but it didn’t ship with it enabled and it wasn’t until Service Pack II that they enabled it by default.
Even when I was working at Microsoft and (I worked there for a dozen years); there were times when you would set up a brand new computer on the internal network and it would get infected before you could patch it.
Alan: That makes as much sense as going out and buying a car and they hand you a box that has all the seatbelts and all you have to do is screw the seatbelts in, using the bolts that are provided. The odds are that somebody is going to take the time to install the seatbelts are slim and none, right?
Randy: Pretty much, yeah. Now, fortunately Vista ships with the firewall enabled by default; but there are a lot of people that don’t like using Windows Vista. It asks a lot of questions and user access control, which in theory is a good thing. But in practice a lot of users find it difficult and intrusive – so they turn it off. But, at least the firewall is on it, which means you can get onto the Internet and get your updates.
Alan: Randy, we were talking about router and firewalls. What is the difference between the two of them and what makes a good one?
Randy: The routers, technically all they do is allow multiple computers to use the same Internet connection. They route the traffic to and from the proper computer so if I’ve got 3 computers. So if I’ve got 3 computers at home and I send a request for a web page from one computer, it comes back to the same computer instead of coming to another computer.
A firewall is designed to block incoming and outgoing data when that data should not be coming or leaving the computer. Sometimes the routers will include a firewall.
Most commonly we have what we call NAT, (name, address translation) which provides each computer with a unique address. The NAT works a little bit like a firewall, but not a lot. A high quality firewall, but will actually inspect the data coming in and out of the computer and make more intelligent decisions about how to block it. There are both hardware firewalls as well as software firealls.
Alan: And then you need to have something on each individual computer; because if you go to a site and you get one of these big pop-ups that says, “Oh, you’ve been infected with such and such software. Do you want to install this virus protection – yes or no,” no matter where you click on that page, that page is one big button that says, “Yes, infect me.”
Randy: Yes, when you get that page, the best thing to do is bring up task manager and kill your browser.
Alan: People don’t realize that only the outside part of your browser belongs to you; the Web is feeding everything else up. They can fool you in so many different ways that you have to really be careful and you need to make sure that your anti-virus, anti-threat software is set up to catch these little nastiest, because once it tries to launch that’s where you come in, isn’t it?
Randy: Once you start to download it, it first gets downloaded to a temporary directory and that’s where we block it, when it’s being downloaded as a temporary directory, before it actually gets written out to where you would expect to run it.
Alan: You actually put it in its own sand box, your own little virtual computer and you look at and it says, “Okay, does this act like a duck; does it quack like a duck? Well I guess it is a duck and we’re going to make sure that it doesn’t go any further.” You look with your heuristics at it to see exactly what it’s trying to do. You don’t rely on the signatures, like a lot of anti-virus companies do.
Randy: So, we combine technologies. We use signatures, because signatures do have a place; but there places for things that we know about. For the unknown threat (the things that we have not seen before) we use heuristics, which are really very, very clever rules about what are good programs and bad programs do. However, when there is a brand new, unknown threat we have detecting and blocking it.
Alan: Randy, what are we looking as far as the price of your ESET Smart Security and your award-winning NOD32 Software?
Randy: ESET NOD32 Software is $39.99 for a one-year subscription for one PC. Now, if you go from a one-year to a two-year license or if you go from one PC to like a three-PC license then there are definitely price breaks for the different links and different numbers of users.
ESET Smart Security is $59.99 and that includes the firewall and the anti-spam – in addition to the NOD32 Anti-virus Engine. And again, for a two-year license there’s a price break and for 2, 3 and 4 user-packs there are price breaks, as well.
Alan: Randy, if somebody would like to find more information about your ESET Smart Security and your award-winning NOD32 Software, where would they go?
Randy: They can come to http://www.eset.com and I invite them to download a free Trial Version that works for 30 days exactly the same as the paid Version does. And they have general security questions; they can email me askeset@eset.com
Alan: You mean your Trial your Trialware doesn’t go out and do a scan of your computer and says, “Oh, we found these infections; now pay me?”
Randy: Oh, no. If it finds an infection it cleans it up and that’s included in the 30-day Free Trial.
Alan: Randy, as always, it’s our pleasure to have you as our guest here on Let’s Talk Computer, talking about how we can protect ourselves from all these new nastiest that come our way. We look forward to talking to you again real soon
Randy: I look forward to being back. Thank you so much.
Visit ESET on Facebook
Follow ESET on Twitter