ESET on the Radio

How to Prepare For The Next Conficker Worm

Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
May 2, 2009


Alan:  Even a month after a supposed official launch date, the Conficker Worm is still creating major headlines.  How can we make sure that our computer systems are not being infected by this worm or other major malware threats?  Our guest today is Randy Abrams, Director of Technical Education with ESET.  Welcome back to Let’s Talk Computers, Randy.

Randy:  Alan thanks for having me back.

Alan:  With the amount of coverage the press has given this particular worm (the Conficker Worm), you would think that everybody has done everything they need to do to protect themselves.  But, they haven’t.  We’re still hearing in the press that people don’t know if they are infected or not.

Is it just that they don’t have the time or that they just don’t want to bother to keep their systems patched and updated?  Or is it that people just don’t take these threats seriously?  Or is it that they are thinking that it’s only going to affect the big systems, the ones that have all that money behind them and it’s not going to affect them?

Or are you seeing this as just part of a much larger, underlying problem that some individuals and businesses really need to re-evaluate how they are looking at security, in general?

Randy:  It’s really a problem of doing security right and taking it seriously.  Anti-virus software is one way of defense.  There are other defenses that you should have in place, too – such as patching, such as firewalls, such as a password policy that requires people to use long passwords.  You can’t really say there was only one thing they did wrong.  In most cases you’ve got to overhaul your security.

There was a hospital that got hit with Conficker, because they had stopped doing patches.  The reason they stopped doing patches was that they were using automatic updating and one of their computers rebooted because it updated during a critical time. 

So, they just stopped doing automatic updates, altogether.  Where they could actually configure not to reboot, automatically, but just download the patch and wait for somebody to say, “Okay, it’s okay to install now.”

Sometimes security is not convenient, but you’ve got to make some wise decisions about what level of inconvenience you’re going to put up with; because it becomes much more inconvenient when they have to pay the price. 

Alan:  In order to have true security you really have to take into account how you access the Internet.  In a lot of cases, you go to the store; you buy a router or a cable box and then you connect your computer to the Internet and you’re in a wide-open state.  The default system for most routers is no security, whatsoever.  This is a major problem, isn’t it?

Randy:  That’s a huge problem with routers, because they come with the “default passwords” that everybody knows and not only a default password, but a default name, as well.  When you plug that thing in, it’s just about ready to be taken over by “bad guys” if they want to find it.

There’s a lot of security intelligence behind making it go through the steps to set it up, because if you’re doing security intelligently, you’re going to go through those steps, anyway.

If it’s already turned on, you’re going to be going through turning quite a bit of things off.  If it comes with everything off, it is safe to plug it in; you’ll just have to turn things on in order to use it.

Alan:  There really needs to be a tutorial that comes with these routers and wireless systems that says, “This is exactly what you need to do to be safe and if you’re not, this is what’s going to happen to you.  Your bank records are going to get compromised.  Somebody is going to log into your PayPal account and drain it very quickly or they are going to put stuff up on eBay and sell it in your name.”  These are all the different things that, if we are not careful, are going to happen.

Randy:  Yes.  And that’s really difficult to get people to read the manuals or to take the tutorials.  Pretty much the only enforcement is, “I plugged it in and it doesn’t work.  Now, I’ve got to figure how to make it work.”

Alan:  Yes, I’ve got one of these t-shirts that says, “When in doubt, Read the blankety blank Manual!” – and you can fill in the gap as to what blankety blank means. But, it’s like - nobody reads the manual, anymore – mainly because they come on CDs and nobody takes the time to look at the CDs; they just install the software or they just install the hardware.

Randy:  That’s true.  And I’m guilty of that because I’m still trying to figure how to turn off some of the buzzes on my BlackBerry.

Alan:  We go out to eat to a restaurant and we won’t even think twice about leaving our credit cards on the table for the waiter.  We give it to the waiter; they run up the ticket; we get our credit card back and a lot of times we don’t even bother to look online to see exactly what was charged and to where.

However, when we go online when doing any kind of e-commerce or buying anything online, it goes through multiple, multiple sites – it’s not just one vendor that we’re giving credit card information to, is it?

Randy:  Actually the only thing that’s different is that the restaurant is physically in the store; whereas online you’re sitting at your computer.  Yes, there are a few other websites or Internet servers that the information passes through, but once it hits the merchant, from there it gets sent to these processing companies just the same.

So, T.J. Maxx was another one that was hit quite some time back and it was a similar type of thing like Heartland where there were millions and millions of records stolen that have information that was useful for people who want to steal credit card information or debit card information.

Alan:  And then we hear about all the data breaches that major companies are having because they did not have all the correct security in place.  Take Heartland, for instance.  They had a major data breach, but the average person doesn’t do any banking with them and so thinks that it will not affect them, personally.

Randy:  No, but your bank does business with other financial companies that take care of things like Visa transactions, which most debit cards are Visa.  Or they take care of American Express transactions or MasterCard and Discover and there are huge companies that most of us have never heard of until they hit the news, because hundreds of millions of records got compromised.

When you go to a restaurant and pay with your debit card or credit card, that goes through one or more processing companies.  Some of the big ones handle a hundred million or more transactions in their database – and not just transactions, but individuals’ transactions.

You don’t see all the places throughout the world that your information is going.  However, the “bad guys” know these places and focus on them and that’s how they get the information to perform credit card theft – and in some cases – if improper information is in the database they get enough information to perform identity theft, as well.  Heartland appears to be an even bigger one than T.J. Maxx.

Alan:  Well, what is even scarier is what about the companies that have breaches that you don’t even know about or that you hear about many years later? 

Randy:  And that’s why there is legislation about reporting it and yes, it is embarrassing to have to report that a company like that got compromised, but it becomes much more expensive if they try to cover it up and don’t report it.  And I think that’s a good thing because it raises awareness when these things are reported and it’s important for us to know when our financial information might be at risk because of their mistake – regardless of a lawsuit.

Alan:  Well, Randy, as consumers, what can we do to make sure everything is working the way it should? 

Randy:  You know, as a consumer, we can’t control how Heartland or other companies like it control their security.  The things we can do are to use a credit card rather than a debit card because you have more personal protection if the credit card is abused than you have with a debit card.

Check your credit reports every year.  You can get a copy of your credit report, for free, every year.  It’s a good idea to get that free report.  You get it from three different credit agencies; make sure that there isn’t improper activity; that there aren’t cards that are being opened that you didn’t open yourself – things like that.  It takes diligence and follow-up.

Alan:  I know it’s so important to always look at your financial statements; because a lot of us get online and we just take it for granted.  But, you really need to look at everything that is on that statement to make sure that you did, indeed, purchase it and authorize it; because if you did not it’s going to come back in the next couple of months and then again in the next couple of months and it’s going to be bigger and bigger amounts each time, isn’t it?

Randy:  Yes, or maybe a fixed amount, month-in and month-out.  There are places where when you go to buy online they have a little offer for credit protections or something like that.  And in some cases it is checked and if you read the fine print it says something like this, “it’s free for a month and then we’ll bill your credit card.” 

It’s like, “I didn’t give them my credit card information; I gave the credit card information to the company that I was buying a product from, but because it’s on that website, the company passes that along,” and then we start getting billed for something that you didn’t even realize you were buying. 

So, it’s really important to check the entire page and each page when you’re buying things online to make sure you’re not being signed up for things that will cost you money that you did not want.

Alan:  Well, in order to have a complete computer detection system in place, your first line of defense must be an anti-malware, anti-threat software package that you can rely on.  Your NOD32 and ESET Smart Security have won numerous awards, haven’t they? 

Randy:  Yes, we have.  We have the record for the most Virus Bulletin 100 Awards; we’re always among the top for various independent reviews such as AV-Comparatives and AV-Test.  For AV-Comparatives we have the most Advanced Plus Awards of any product out there.  In fact, one or two reviews ago, we were the only one that got the Advanced Plus in their testing.

Alan:  And it always amazes me that some anti-virus companies say, “We have some false-positives.  There are some viruses that get through and it’s no big thing.”  Well, one virus that gets through on my network – it is a big thing; because it’s a big thing to me, isn’t it?

Randy:  It is and none of us are immune to false-positives.  It happens to all the products, but you need to keep the false-positive rate as low as possible.  For Virus Bulletin testing, they use a set of viruses that are from what we call “the Wild List.”  These are viruses that we know are in the wild that have been verified. 

You should be catching those and ESET NOD32 is the only Product that has not missed an In the Wild Virus; it’s in all the Virus Bulletin testing.

Alan:  And you also have heuristics built into your software that basically says that even if I don’t get a definition, I’m still going to be fully protected.  Because, a lot of times when a new virus comes out or it’s a one-shot virus that is changing automatically each time that they release it, I still have to be protected.

Randy:  Right.  The Storm was being re-packaged every five minutes, automatically.  There’s no way you could keep up with signatures to protect that.  The authors of the Storm Worm were testing anti-virus products and they were changing things frequently.  Sometimes we had to change our heuristics, to nail down the heuristic and every five minutes we were detecting a new sample without new signatures.

Alan:  Well, you have two Products.  You have your NOD32 Software and you have your ESET Smart Security Software.  Under what circumstances would I pick one or the other? 

Randy:  Well, ESET Smart Security also includes NOD32 and a personal firewall and anti-spam.  So, if you prefer to have the convenience of all three of these security products in one program, then that’s when you pick the ESET Smart Security.  The firewall is a bi-directional firewall, and it’s much more configurable than the Windows Firewall.  It also shows the information with the Anti-Virus Engine so we are able to have better heuristics.

It also provides some anti-spam, which a lot of times viruses that come in email look like spam, so without even detecting that there’s a virus in the email; just because the email looks like spam – the anti-spam protects you, as well. 

If you have a favorite anti-spam product or have a favorite firewall or something like that, then NOD32 will be the anti-virus software that complements your security profile. 

Alan:  But, one of the big problems I see for using different brands of each part of this defense in-depth that we talk about, is that you may miss the inter-connectivity that ESET provides, because your firewall talks to your anti-virus program and your anti-virus program talks to your anti-malware program and they’re all tied together; whereas different brands don’t even know that the other one exists.

Randy:  That is an advantage for ESET Smart Security, because essentially to identify something that you’ve never seen before, you’re using certain rules about behaviors and patterns of behaviors. 

Malware often will do things that are of significant interest to a firewall, even though the firewall doesn’t know what malware is.  But, the firewall can share that information with the anti-malware engine and the anti-malware engine can then say, “Oh, it’s breaking this rule; it’s breaking that rule and the firewall tells me that it’s doing this, as well.”  And you can use that information to fine tune the heuristics to have better protection.

Alan:  If somebody would like to find out more information about NOD32 or your ESET Smart Security Software, or any of the White Papers that you have on security, where would they go?

Randy:  They can come to http://www.eset.com.  We also have the ESET Mobile Anti-Virus for Smart Phones, so if you want to get some protection on your Smart Phone we have a solution for you, as well.

Also, on the Website you can go to the blog or to the Podcast or just go to the Threat Center and the Threat Center will give you links to a lot of other information.

Alan:  Well, Randy, as always, it’s been our pleasure to have you as our guest here on Let’s Talk Computers talking about how we can keep our computer safe and we look forward to talking to you again, real soon.

Randy:  Thank you very much for having me.  It’s always great to be here.