Alexey Belkin (Agnitum) speaks about the future of the security industry
This month Alexey Belkin, Chief Software Architect for Agnitum, shares his brief view of Internet security and of Windows Vista from a security standpoint. Follow the interview to glean Alexey’s personal thoughts and predictions.
Q.: Alexey, the first question is: What type of malware or web-borne threats is the most dangerous, from your point of view? Our readers are curious as well.
A.: I think it’s ID theft. The most dangerous malware (viruses, spyware, etc.) a user’s PC can be infected with is the one that records users’ keyboard entries, including passwords, credit card numbers and personal messages, tracks the web-sites you visit and is capable of retrieving passwords or any personal data from other programs used for web surfing. Constant and consistently renewed modifications of malicious software, especially those targeting a small number of PCs, pose a serious threat to the traditional signature-based approach and create a risk of personal computers being infested for years!
The problem becomes even more severe as some antivirus vendors do not bother to supplement their bases of malware with the samples their removal methods can’t overcome. Sophisticated malware can be so well integrated within the system that traditional removal methods turn out to be ineffective against it. As you might know, one of the key goals for Agnitum’s products is to ensure malware is blocked at the earliest stage possible (simultaneously with the system boot-up) and also to eradicate malware which has been integrated into the system in the most sneaky ways.
Another alarming fact is the spreading of malware which inserts itself into the autorun mechanisms of removable disks (carriers). Such nefarious programs infect memory cards for photo cameras, MP3 players and other portable devices defined by an operating system as a “removable storage device”. The percentage of such virus samples is growing monthly, one of the reasons being the presumed harmlessness of, say, plugging a camera into a PC, as well as the boom in compact data storage devices of all kinds.
As for mail worms, their expansion has been majorly diminished as a result of long-lived “beware of mail attachments” security propaganda. Most likely, the removable storage problem will share the same fate. The times of virus-infected floppies have passed and people have got used to the idea that their flash drives are quite safe.
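The autorun mechanism Alexey describes works through an autorun.inf file in the root of the inserted volume: its [autorun] section can name a program to launch (the open= and shellexecute= keys, and shell\<verb>\command= keys that override the Explorer verbs). The script below is an added example, not Agnitum’s code or anything from the interview; it parses such a file and flags the patterns that abused ones tend to show. The indicator list (payload hidden in a recycler-style folder, override of the default double-click verb, an action= string that mimics the AutoPlay prompt Windows shows for plain storage) is a heuristic of the editor’s choosing, and both sample files are constructed.

```python
"""Heuristic triage of an autorun.inf read from removable media (added example)."""
import configparser

# Keys that launch a program when the volume is inserted or double-clicked.
LAUNCH_KEYS = ("open", "shellexecute")
# Keys that replace the built-in Explorer verbs (double-click / right-click Explore).
VERB_OVERRIDE_KEYS = ("shell", "shell\\open\\command", "shell\\explore\\command")
# Folders under which worms have hidden the payload (assumed indicator list).
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")
# Text Windows itself shows for a plain storage device; malware copies it.
AUTOPLAY_MIMIC = "open folder to view files"


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section as {lowercase key: value}; {} if absent or malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.optionxform = str.lower  # autorun.inf keys are case-insensitive
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    for name in cp.sections():
        if name.lower() == "autorun":
            return {k: (v or "") for k, v in cp.items(name)}
    return {}


def _target(value: str) -> str:
    """First token of a command line, with surrounding quotes removed."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    parts = v.split()
    return parts[0] if parts else ""


def assess_autorun(text: str) -> list:
    """Return (indicator, key) pairs; an empty list means nothing suspicious was seen."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            findings.append(("launch", key))
            target = _target(value).lower().lstrip("\\/")
            if any(target.startswith(d) for d in HIDDEN_DIRS):
                findings.append(("hidden-dir-target", key))
        if key in VERB_OVERRIDE_KEYS:
            findings.append(("default-verb-hijack", key))
        if key == "action" and AUTOPLAY_MIMIC in value.lower():
            findings.append(("autoplay-mimic", key))
    return findings


# Constructed samples (not taken from any real infection).
BENIGN_INF = r"""
[autorun]
icon=photos.ico
label=Holiday photos
"""

SUSPICIOUS_INF = r"""
[AutoRun]
open=RECYCLER\setup.exe
shell\open\command=RECYCLER\setup.exe
action=Open folder to view files
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    for label, inf in (("benign", BENIGN_INF), ("suspicious", SUSPICIOUS_INF)):
        print(label, assess_autorun(inf))
```

The check is deliberately independent of any signature: it looks at what the file would make Windows do, which is the proactive angle the interview argues for.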
Q.: What do you think about the existing malware tests (such as AV Test, VirusBulletin, etc.), do they reveal the real picture of products’ quality? Up to what extent can we rely on these researchers?
A.: Such tests as those performed by VirusBulletin are, undoubtedly, of great interest. Even if we leave the VB100 brand behind, analyzing the number of detected malware samples is still a curious thing. For instance, the fact of slightly unequal malware propagation in different regions leads to certain “geographical” peculiarities. Besides, additional materials delivered to antivirus vendors such as comparative performance tests are important for us. It’s not unusual that security manufacturers make good use of this comparative data without loading their own testing resources, creating home-made (often very subjective) techniques or performing full-scale research.
Q.: Alexey, many of our readers ask whether they should use an antivirus or a firewall, or both. If we talk about signature-based and proactive protection approach, what are the advantages and disadvantages of these two?
A.: The reactive approach (antivirus technologies) remains one of the most important means of protection against malware, aiming to identify and remove nefarious programs. The improvement and development of antivirus technologies led to the quest for integrated security. But the need for proactive defense to prevent potential malware activity and zero-day threats has been equally or even more important.
With the supplement of proactive protection (which tracks potentially risky software and components interaction as well as suspicious attempts of changing key system settings) any PC becomes better safeguarded against malicious activity and capable of preventing infections at an early stage.
To sum up, proactive defense is a key element in any data protection strategy. By tracking unauthorized behavior, it can mitigate a PC’s susceptibility to any threats – notwithstanding the existence of an updated signature base.
Q.: What role shall personal firewalls play within internet security in the epoch of integrated solutions?
A.: The position of a personal firewall is at the first line of defense within the integrated solution. It seems to be the only option nowadays.
Q.: Do you think separate antivirus and firewall solutions should still be in demand and well maintained, or will security suites force them out of the market completely?
A.: There’s no doubt that security suites will hold the leading position on the market. However, standalone solutions will still be in place, the same as you may see plenty of hardware components in retail while out-of-the-box laptops and desktops are abundant.
Q.: I’ve got a question concerning Vista security. This issue had been discussed even before the OS’s release and experts revealed plenty of vulnerabilities that had to be consistently patched. Now it’s been more than a year that Vista is on the market. How would you rate Microsoft’s efforts to increase the system’s security? Does it make sense to deploy Vista without third-party security software running?
A.: When just released, Vista contained significantly fewer vulnerabilities than its predecessors. Many security problems can be solved with the aid of UAC (User Account Control), but it looks complicated and few users are ready to work with it. Lots of work has been carried out on the Microsoft side, but still Windows is a system that wants third-party security components.
Q.: There’s an opinion that Vista’s high vulnerability, which at first caused a negative reaction, is a relative showing. As this OS is very popular and has dominant ambitions, it attracts more hackers’ attention, whereas less popular OSes seem to be more secure because cybercrooks are less interested in them. What do you think about it? What OS is the least vulnerable?
A.: I completely agree with this opinion. The more popular a program is the better target it is for cybercrooks. At the same time “marginal” systems provide less transparency and their vulnerabilities are not so well-known. An exotic OS is always more “secure”. Answering the question “What’s more secure – Vista or XP?” we have to admit: it’s Vista.
Q.: What was the influence of Windows Vista Service Pack 1 launch – on the OS and on overall security?
A.: Service Pack 1 for Vista can really influence Internet security. Not for the reason of its new protection capabilities, but because many users who have anticipated this launch will finally start migrating to Vista. If you take a look at the recent “When are you moving to Vista?” surveys, you’ll realize one of the most popular answers among tech-savvy users has been “After the release of Service Pack 1”. Finally it’s unveiled and we can expect more and more advanced users to turn to Microsoft’s latest OS. The changes in Vista will prove to be fruitful later, when software developers realize the erstwhile privileges of their programs can be significantly limited and start to design their software accordingly. And also: when users work in restricted regimes more often. Unfortunately, software developers hardly ever consider “The Principle of Least Privilege”, whereas the prevalence of Vista will force them to do so and take privilege issues into account. Since it’s no secret that working under a restricted account with limited rights helps avoid a good deal of modern Internet threats.
Q.: Thank you, Alexey! Don’t hesitate to let us know when you have new thoughts and observations to share.
A.: Sure, with pleasure!