Roger Thompson (AVG) answers Agnitum’s questions

This time we are happy to interview Roger Thompson, best known as the co-founder of Exploit Prevention Labs and currently Chief Research Officer at AVG Technologies. Roger is a veteran of the security industry with over 20 years of experience and several successful businesses behind him. Now’s your chance to learn more about his remarkable personal experiences and smart, humorous approach to security issues. Let’s hand over to Roger Thompson.

Q.: Hello Roger! Thanks for being with us. A traditional question to start with: What is your educational background?

A.: I actually never completed high school. My parents really couldn’t afford to keep me there, and I was not the greatest student. I was always able to obsess over the things I was interested in, but that rarely coincided with what the teachers wanted me to do. I focused on chess, playing sports and playing music, and in doing so, learned how self-education works. This turns out to be a useful attribute for anyone involved in research.

Q.: How did you get started with your web-based threat research? Could you tell us a few words about your team and its goals?

A.: It turns out that if you’re good at computers, and you have grown up children, you get to be Tech Support Of Last Resort. If they’ve got a computer they can’t fix, they bring it home for dad to fix. A few years ago, one of my kids started bringing home machines with rootkits, and while that was interesting, the really interesting thing was how they got the rootkit. All they were doing was surfing the web, looking for lyrics to songs, and the next thing they knew, they had a whole lot of new software that they couldn’t remove. I quickly realized that the web was the emerging battleground, and built a team and a product to find and handle web-based threats.

Q.: What made you become a security specialist?

A.: I got started in the anti-virus business way back in 87. I had a team of Oracle contractors that was making good money, but I was always looking for a product that I could build and sell, and when one of my clients thought he had this new thing, a “Computer Virus”, I instantly saw the opportunity there.

Q.: What do you think are the most promising security technologies we can expect to see in products in the near future?

A.: All the security software we ever need has now been written. I’m kidding, I’m kidding!!!! I like the idea of web security technology for the foreseeable future.

Q.: What kinds of security software do you personally use?

A.: I tend not to use security software, except in test environments, and then I have about one of everything. No one actually needs security software… you just have to set up your machine properly, and you’re perfectly safe. The problem is that most people don’t know how to do that. It’s a bit like saying it’s easy to make money on the stock market… you just buy low, and sell high

Q.: Do you and your team participate in security groups and online forums? If so, which?

A.: Yes, but mostly on closed email lists with other security pros. I do post to Wilder’s forums a fair bit.

Q.: Where would you recommend users to turn on the web for security education and information?

A.: There’s an abundance of information. Wilder’s is pretty good, and we have some nice videos on youtube that are fairly educational. Search for toughonthreats and/ or rogertatmindspring and you should find them.

Q.: Thank you, Roger! It was a pleasure to talk to you. Best luck in your job!