Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
June 6 2009
Alan: Even now it still amazes me about the unhealthy attitudes toward anti-virus and anti-threat protection. They seem to fall into two categories: The first one is, “The sky is falling! The sky is falling!” or “I don’t need to worry about being out in a thunderstorm. Lightning’s not going to hit me; the odds are just impossible!” Both of these are equally unhealthy attitudes.
Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Thank you for having me back. It’s always great to be here.
Alan: I hear people talking all the time about “The sky is falling! The sky is falling!” I’ve even seen people that have more anti-virus, anti-threat protection on their computer systems than they have regular programs. That’s not the best way of looking at it, is it?
Randy: No, it certainly is not. You need to mitigate the threat and you need to manage risk, but there is such a thing as being a hypochondriac, too.
Alan: When you go to such extremes trying to protect your system where you are running like three sets of malware scanners; you go to the Internet and just as soon as you get off you’ve got to run all three sets of scanners to see if you are infected and then when you come back and it says that you’re not infected, you then say that it must be the malware scanners that have been infected and I’m still infected.
Randy: That’s not a real healthy attitude and it doesn’t really help the user any. So, what’s better than adding a couple of more scanners is adding an education; because an educated user is much less likely to get infected, anyway. And then having one scanner as well as other types of security software makes a lot of sense.
Alan: As you said, “education” is the key, isn’t it?
Randy: Without education they are not going to make good decisions about how you use the Internet. You’re also not going to be able to effectively use a lot of security options that are out there that really help mitigate the risk.
Alan: I’ve seen people who after they run the scanner they are kind of relieved that their scanners found that there was some kind of virus on their machine, so now they can feel good by removing it.
Randy: The idea is that, “I’m safe now because it found something.” What you don’t see is what is really scary. If you’re actually practicing safe computing habits the scanner shouldn’t find anything or there shouldn’t be anything that’s on your computer that’s infecting it.
If you’re using good judgment about where you go on the Internet you are generally going to trusted sites, not falling for “Click on this link to get something free,” or “Click on this link because there is a problem with your bank account,” or “Open up this executable e-card,” or things like that.
You’re not doing those things and if you’re using the good sense about the Internet and how you deal with e-mail, then you really shouldn’t be encountering the threats very often, at all and generally if you do, a good scanner will catch that.
Alan: If you’re constantly going out and emptying your temporary Internet files and constantly emptying your temp directories, there is a point where you’re spending more time doing protection than you are just surfing the Internet or enjoying your computer. This is not the way to go, is it?
Randy: No. You want to constantly empty your temporary Internet files there is not a lot of harm in that, but what I recommend is to set up the browser to do that, automatically whenever you close the browser. It shouldn’t be that intrusive; it shouldn’t be a major part of your computing ritual unless that is what you really like using your computer for.
Alan: This just kind of reminds me of a little kid who is getting ready to go outside and play and have fun; but now his mother is dressing him up in all these extra coats and everything else so that he can’t possibly be hurt, no matter what happens – but going outside, he’s got all this protection around him so that he can’t even possibly bend over and play!
Randy: It doesn’t make a lot of sense to overdo it and yes, you can overdo it. But, there are a lot of sites out there where you can learn a bit about computer security – and I recommend very strongly that people go to the website, http://www.besafeonline.org because there is a lot of really information about how to stay safe online. If you follow their advice you’re going to dramatically decrease the amount of risk; the amount of threats that you encounter.
Your anti-virus software isn’t meant to be an offensive army – it’s meant to be a last line of defense. You don’t want to be in the position where you take “a lot of shots on goal.” If you take enough shots on goal, it’s going to get through no matter what. If you’re really smart about how you use your Internet then you don’t have to worry about it that much, just stay alert and make good decisions.
Alan: You talk a lot about what they call “defense in-depth,” where you have multiple layers, where you don’t just rely on one layer to protect yourself. That’s important, isn’t it?
Randy: It’s extremely important. Education is one layer of defense in-depth; using a high-quality anti-malware product such as ESET Smart Security or ESET NOD32 Anti-virus also is a layer of defense. Having a personal firewall, which in the case of ESET Smart Security where there is a personal firewall that’s built-in. If you’re just using a standalone anti-virus product, then you want to make sure that you have a good firewall – that’s another layer of defense.
I use Sandboxie, a wonderful program, but to use it effectively you do need a little education; you need to understand things like you have to empty the sandbox pretty religiously and you have to know when you need to do things outside the Sandbox – in fact updating your browser so it’s permanent or adding favorites, things like that. But, generally it doesn’t take a lot of effort with a little education and this adds yet another layer of defense to help keep your data safe and your online experience safe.
Alan: You don’t want to go overboard like this newest virus that is supposed to do so much damage on April 1, called Conficker that everybody was paranoid about this, that, “This was going to attack every computer in the world.” It didn’t, did it?
Randy: And actually, there is nobody who is educated about it that thought it was going to attack every computer in the world on April 1. In fact, a lot of people completely misunderstood what it was about and the threat is still there and the threat was there before April 1; the only thing that we knew was happening on April 1 was it was changing how it looked for some instructions. If you were infected, it could have changed the date that it updated itself and then anything, at any time. It’s still possible to do that.
Conficker has been completely misunderstood by most people and if you were paranoid about it on April there’s no reason to be less paranoid about it now. If you weren’t infected with it, the versions that have been triggered on April 1 wasn’t even infecting new computers. It was only the ones that were already infected that got updated to that version and it stopped infecting.
Alan: But if you listen to the TV and you read the news articles, the media just blew this thing so far out of hype that it was the worst thing that had ever happened to computers since day one!
Randy: If you read my blog, it said, “No, it’s really not – just use some common sense!”
It was pretty easy to tell if you were infected by it. If you were infected by it, your Windows Security sensor wouldn’t work properly; you couldn’t go to security sites. So, actually it was easy to tell if you were not infected by it. If those things were happening; it could be Conficker, it could be any other number of threats. Yes, the hype was really bad; it was uncalled for.
Alan: It’s like this wonderful line that I hear in the show called “Men in Black” where they are talking about “Oh, there is an alien battleship above the earth and if people knew about it that if it was going to destroy the earth in a couple of hours they would panic.”
And then the guy says, “Well, there’s always an alien battleship” – that’s the way the viruses are. They are always there!
Randy: Yes, and to date, I don’t know of anything malicious other than spreading and infecting that Conficker has done. We haven’t seen it being used like a typical Botnet so we haven’t seen it sending spam; we haven’t seen it stealing personal information; we haven’t seen it perform denial-of-service attacks and yet people are more concerned about that than many, many seriously bad threats out there that are there every day.
Alan: There are threats out there that if you don’t do patching, for a business it could wipe out the whole business, couldn’t it?
Randy: I’m not sure it could go as far as wipe out the whole business, but it can be really bad. It has cost companies like T. J. Maxx and Heartland and a few others hundreds of millions of dollars, if not more.
Yes, I guess, theoretically if they are supposed to go under due to a mistake where critical data gets out due to threat, it doesn’t have to wipe it out to be bad news. It can make things really difficult and cause losses of sales, losses of business due to downtime. Businesses that didn’t patch were generally ones that got hit the hardest by Conficker, too.
Alan: We have no idea about how bad businesses have been hit, because only certain businesses are what they call “ponying up” and saying that we have been attacked. The rest of them are afraid to mention that because their customers will go elsewhere.
Randy: And that’s their thought process. Generally, customers don’t go elsewhere because their business was attacked unless it has resulted in losses of customer information that was supposed to be confidential. Even then, we are finding that people still shop T. J. Maxx; people still use their credit cards because they have no clue how to avoid Heartland. That’s invisible to them.
Yes, for some businesses it can be pretty bad, but generally not as bad as they think. It’s the businesses that are required by law to report breaches that are generally complying with that and the other ones may or may not report it. And in some cases it’s because they don’t know who to report it to.
Alan: And in some cases I’ve seen people that anything that goes wrong with their computer the first thing they blame is that “This machine is infected so it’s been taken over by a bot. They are really doing that to my computer; my computer is fine, but it’s now being possessed.”
Randy: Actually, hardware problems do happen and software conflicts do happen. And many times someone assumes it’s a virus because there is a problem with their computer that has nothing to do with a virus.
Alan: We just need to look at what is going on with our computer day-to-day; make sure that we have a good line of in-depth protection and we’re going to be okay, aren’t we?
Randy: Learn a little bit about computer security; follow safe practices; make sure that you keep your operating system patched and your applications patched, as well. Things like Acrobat Reader and iTunes and all kinds of instant messengers. You know, if the programs you use normally, day-to-day you have to check and make sure that you’ve got them up-to-date, because sometimes they have security problems.
So you take care of those things and make sure you keep your anti-virus up-to-date and that your firewall is turned on, you are going to be pretty well off and not likely to have many problems, at all.
Alan: This is where ESET NOD32 and ESET Smart Security come into effect because you watch out for all these “nasties” for us. We don’t have to worry about it. We just install it and it’s there.
Randy: We watch out for them. There are things called Zero-days that even though the heuristics, the ability to catch brand-new threats are really good in ESET’s products. They are not perfect in anyone’s product, anywhere. You need to not leave your goalie out there without the defensemen. Make sure you are practicing good, safe computing habits. But, you combine that with a good-quality anti-malware product and a good firewall and you’re in really good shape.
Alan: I know you have 30-day Trialware that anyone can download and try out for either NOD32 or ESET Smart Security. Where can we go find these downloads and are they limited in any way?
Randy: Certainly. If you go to http://www.eset.com you will find the links for the products and downloads and we offer a 30-day, fully functional evaluation for both ESET Smart Security and ESET NOD32 Anti-virus Version 4. So, you can try it for 30 days and see how you like it, see how it performs for you and it’s not a case where, “Oh, you can’t update,” or you can’t clean up a threat or anything like that. It is completely functional.
That’s a great place to learn more about the products, to try the products out, and if you have general security questions (I don’t do product support) so I’m not doing questions on ESET products, but just for general security questions, you can always email me at askeset@eset.com.
Alan: Randy, we’re out of time. Today we’ve been examining the first of the unhealthy attitudes that is, “The sky is falling! The sky is falling!” Next time we’ll be focusing on the second unhealthy attitude, “I’ve been using my computer for years and I’ve never been hit by a virus or any malware. So, why should I bother running anti-threat, anti-malware software on my machine?”
I look forward to continuing this conversation next time.
Randy: I look forward to coming back, Alan. Thanks so much.

