ESET on the Radio

The Damaging Effects of Cybercrime and What You Can Do to Combat It

Complete Transcript of Interview – Randy Abrams – ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
September 29 2007

Alan: You really can’t go to any news service on the Internet without finding article upon article about how bad the Internet threats are. Are they really that bad or is it being blown out of proportion? Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.

Randy: Thank you, Alan. It’s great to be here.

Alan: I hear this time after time. “Anti-threat, antivirus companies are only making this appear more serious than what it really is, just to sell more products.” Is that really true?

Randy: Actually, I and others in the field, kind of tone things down, somewhat. In many cases, we find the press typing up incorrect aspects to sell copy and really miss things, (the really bad stuff) that’s out there.

Alan: We just had the Federal Bureau of Investigation on as our guest, talking about where they saw a really good need for setting up a Cybercrime Task Force. They are not going to go and set up a task force, unless they see it as a really serious threat!

Randy: I just got back from Washington DC. I was at the Internet Security Operations and Intelligence 3 Workshop and we had a lot of people from the FBI, from the IRS, from the Department of Defense, from a variety of State Governments. There is a huge, huge problem out there with a concerted criminal attack on Internet Users.

People who think that Antivirus companies are making this stuff up are burying their heads in the sand. There are organized groups of bad guys out there, trying to get your credit card information; trying to compromise websites that you go to. Like the beginning of this year, the Miami Dolphins Super Bowl site, was serving up malicious software that could install trojans on your computer.

In the last couple of days, the Bank of India’s website was compromised. This is a global problem and the FBI is correct. They do need a Cyber Task Force to deal with this. They need funding to educate more officers and to help inform governments. One of the biggest problems is that people are in places where we cannot even prosecute them.

Alan: Sometimes, I think the media is not really taking the hard-line approach that they should. I just love these little “cutsie names” that they come up with, like Phishing and Pharming. This is like saying that a person got mugged and it was like “personal bumping” or it was a bank robbery and it was an “unscheduled personal withdrawal.” Call it what it is – this is cyber crime, isn’t it?

Randy: It’s theft. The word “cyber” is just the tool that you use to do it. Nothing has changed for thousands of years. It’s theft – it is criminal activity. It’s just a matter of “Are you using a horse to get away or a car to get away, or the Internet”?

Alan: When you look at it from a fish’s standpoint, because we are talking about fishing, all of his neighbors are saying, “Well, it was a shame that Joe got pulled up on this line, but it really doesn’t affect me.” But, “Joe” who took the worm – his life has changed, forever, hasn’t it?

Randy: Yes, it takes an awful lot to clean up the mess after a theft of identity of which most Phishing ends up being – is identity theft.

Alan: I’ve seen, personally that all it takes is to go to a website that you think is legitimate, like PayPal or your bank and then put some information in there and then click on it. And then, about 30 minutes later you get someone who sends you an email that says, “Do you know that all your personal information is on this website? And when you go to this website, not only yours, but thousands of other people have put their credit cards, pin numbers, all their financial information on this site?” And it has only taken 30 minutes.

Randy: It’s very fast and it’s really good that we’ve got a lot of diligent people who are watching what’s happening out there. It’s so widespread, that the good guys can’t cover all of this. The bad guys are constantly changing tactics, changing locations. I would love to tell my mom “The stuff you saw on the TV or the news, that’s blown all out of proportion.” However, it’s gotten really bad.

Alan: As a programmer, I know how easy it is to change key words in a program and have it “recompile” each time so that when you look at it in binary code, it never appears the same, twice. And this is what a lot of threats on drive-by web sites are doing so you really have a hard time trapping this with antivirus software.

Randy: We actually have to use “heuristic” approaches that don’t look at exactly what the words are, if you will – it looks at, “what does the sentence mean?” I could say, “I want you to go walk the dog for 10 minutes”, or I could say, “I want you to walk the dog for 5 minutes” and “walk the dog for 5 minutes”. I said the same thing, it’s just different - and if you are looking for an exact sentence, you will miss the stuff that means the same thing.

That’s what these threats are doing. They’re changing exactly what they say, but the meaning is the same. A signature-based scanner isn’t going to catch all the variations of it. So, you have to have something that has heuristics, like ESET’s NOD32.

Alan: I hear this from you and I hear this from others in the anti-threat, antivirus world. There are 20,000 new antivirus variations every single month. That is just really hard to comprehend, isn’t it?

Randy: It’s a lot more than that. What people have to realize is that this doesn’t mean that some programmers are out there writing 20,000 brand new, from-scratch things. For an antivirus product that doesn’t have strong heuristics, anytime you change one of these threats a little bit, it’s a brand new threat. They need a new signature, if they don’t have heuristics.

What we’re seeing is programs that are automatically being modified on the fly. I’ve gone to a couple of websites, tracking down some malicious programs, where I download a sample and I come back 5 minutes later and download another sample, it’s the exact same link, but the program is different, now. It’s the same threat, if you will, but it’s been modified. And some of these are being modified as quickly as a couple of times a minute.

Alan: It’s still a major threat in what it can do to our computers.

Randy: The bad guys can install a Bot on your computer and then they can use your computer to send out Spam. And they get paid for your computer sending Spam. You are not making a penny off your computer. They are making all the money on it, in addition to housing illegal files and all the other stuff. They will then make your computer attack another company as part of a coordinated attack, using 20,000 or 30,000 different computers.

So, just because you don’t think you have anything of value on your computer, it doesn’t make it so; your computer is very valuable to the bad guys and it might be attacking an organization that you fully support, but because you thought that, “Hey, there’s no problem – it doesn’t matter”, you are allowing the bad guys to attack things that you might care about.

Alan: We get email after email here at Let’s Talk Computers that the average person will look at and just laugh at – but people are actually clicking on these links and filling in their bank information, their credit card information. And why are we so vulnerable?

Randy: People, I think are not current on how things have changed. If you remember, when we were kids, we were told that overall, most people are good, right?

Alan: Absolutely.

Randy: And actually, most people are good. However, the automation capacity of the Internet means that one bad person can send a whole bunch more malicious software out than all the good people are going to. It doesn’t mean that there are more bad people than good people, but the Internet has a lot of bad people who get things done very, very quickly.

So, when you are dealing with Internet technologies like email and websites, you have to realize that there’s a lot of bad stuff out there and you had better be careful. You can’t just believe that because something says, “This is something you want. This is a new movie, these are pictures.” Especially, when it says, “These are nude pictures of some celebrity.”

Nobody is giving that stuff for free. Think about it. There’s a lot of gullible people out there and it’s difficult to get them to understand that “No, there’s absolutely no chance that it is what it says it is – they are just trying to infect your computer.”

Alan: It’s like when I used to live out in the country, we left our front doors wide open to get the breeze in. And we left our keys in the car; we didn’t think anything about it. If we got up the next day and the car was missing, we know that somebody needed to borrow the car to go get some gas. When we look out the window, later we will find our car, back and when we get in the car, we will find a nice little note, saying, “Thank you for the use of your car. And by the way, I filled up your gas tank.” There are sites that you can go to every day, day in and day out, and nothing bad is ever going to happen to your computer. It’s when you go around to some of these unknown sites – who knows where they are?

Randy: It used to be that way, but it’s not just those, anymore. Because now the bad guys have figured out that some people are getting smart enough to go to what we would call, “risky sites” – and they are deliberately compromising what you would expect to be a “good site.” So, even then, you do need to have some protection; you need to be aware of what you’re doing, of what’s going on and use security software to help protect yourself from the threats.

Alan: Now that we have to accept that these threats are real because it’s been backed up by the FBI; backed up by legit sources, what is ESET doing to help us to prevent getting these things on our machine?

Randy: For one, we make a very high quality antivirus product, which can help detect and block brand new threats better that we have never seen before. ESET also participates in events such as the Internet Security and Operations and Intelligence Forum, where we will share information with the FBI, with law enforcement and also with other researchers who are working really hard to solve the problem. We will share samples of new threats with other antivirus companies, (even though they are our competitors) - any of their customers that get infected now have computers that could be used to attack our customers, too! We work with the entire Industry to try to mitigate the threats out there.

Alan: And you have more 100% Awards from Virus Bulletin than any other company out there.

Randy: That’s true, we’re very diligent about the quality of our product and the Virus Bulletin 100% Award is only awarded to companies that detect 100% of what we call “In the Wild Viruses”. We have never missed one of their awards for failing to detect an “In the Wild” virus - ever since NOD32 came out in 1998.

Alan: When we see all these comparisons, I start seeing the Standard Virus Edition, the Advanced Virus Edition, the Corporate Edition, the Enterprise Edition, and so on. You have one Virus Engine that protects both the consumer and the enterprise.

Randy: There is no reason to put out a lesser technology for anyone, so that’s not something we do. The only difference between the Consumer and the Corporate Edition has to do with the ability to get updates from an internal web server, instead of going out to the Internet – because in the company, sometimes it’s not proper to send the Client machines out to the Internet.

Alan: And now, with the amount of viruses, the amount of malware and keylogging and everything else that we’re seeing, there’s more and more that you have to stop. And if your engine isn’t the fastest out there, consumers just turn it off.

Randy: That’s what we found in a Harris Poll we commissioned was that about 65% of the corporate customers who were able to, were disabling their antivirus software, because it was interfering with what they wanted to get done.

Alan: And yours is one of the fastest, if not the fastest out there!

Randy: It’s a very, very fast product. Also, it takes very little in the way of system resources. ESET NOD32 Antivirus is written, primarily in Assembly Language, which makes it a very low system-impact product; it runs very quickly; and you generally don’t even notice that you’re running NOD32 Antivirus in the background.

Alan: And you don’t have to pay an arm and a leg to have protection, because NOD32 is very affordable, isn’t it?

Randy: For a Single User License it comes in at $39 for the first year and $27 a year for Renewals. For a Product that has the proactive protection in the world and allows you to keep using your computer as you want to use your computer, that’s not bad at all.

Alan: And you have a free Trial Version, so that we can see how it actually works. And this Trial Version has upgradeable Definitions for the full time of its trial, on your website.

Randy: ESET NOD32 Antivirus trial software is a 30-day, fully functional evaluation copy. The idea is for you to evaluate what the software actually is, not what we say the software will be if you give us money for it.

I recommend that people never buy antivirus software that says, “Well, you’ve got a problem on your computer and you’ve got to pay us to clean it. We’ll let you try scanning for free.” ESET gives you a copy of the software, fully functional, and says “Here, try it out; this is what it is - see what you think.”

Alan: And where can people go to get that full functional trial version and to find out more about the threats that are out there in this world?

Randy: http://www.eset.com.

Alan: Randy, as always, it is our pleasure to have you as our guest here at Let’s Talk Computers and we hope to have you on the air again, real soon.

Randy: I look forward to coming back, Alan. Thank you, so much.