Eugene Kaspersky | When Criminals Stalk the Internet
Interview with Eugene Kaspersky, head of antivirus research for Kaspersky La
- By William Jackson
- Apr 13, 2006
"In the past, there were kids writing viruses, and some of them were very clever. Most of the malicious code written today is for money." Eugene Kaspersky
Eugene Kaspersky was working for the Soviet Defense Ministry in the late 1980s when his computer became infected with the Cascade virus. His fascination with the malicious program eventually led to commercialization of what became the Kaspersky Anti-Virus tool.
Today he's head of antivirus research for Moscow-based Kaspersky Lab, which he co-founded in 1997. Kaspersky is a recognized expert on viruses and other malicious code, and while you may not use his antivirus scanner on your desktop system, chances are it's running on one of your agency's network security appliances. He spoke with GCN on a recent visit to Washington.
GCN: How did you come to build your first antivirus tool?
KASPERSKY: It was an accident. My computer was infected in 1989. At that time there were about 10 different antivirus programs and I used one of them to disinfect my computer. But I was very curious about viruses, so before disinfecting my computer, I put a copy on a floppy disk and when I got time I analyzed the code.
I decided to write my own program to disinfect the file. In a week or two, a friend told me his computer had another virus. So I collected that virus. That was my hobby. Some people collect stamps or butterflies; I collected viruses.
GCN: How did you commercialize the tool?
KASPERSKY: Because of the collapse of the Soviet Union, there was a bad economic situation in Russia. I wanted to make some money, so I went to a large IT company in Moscow where my former teacher from the university was working. When I told him I was working on antivirus detection he said, 'Just keep working with that.'
That was 1991 and that was the beginning of it. In 1992 I set two more guys to work with me to develop the best detection rate and disinfection ability. By 1994 we got best results in antivirus tests in Germany at Hamburg University.
GCN: How did you distinguish your antivirus tool from others already on the market?
KASPERSKY: The situation now is that there are thousands of people developing malicious code for money. They are criminals, making big money. The result of this is that we receive hundreds of samples a day and we have developed a special technology to handle all of this malicious code. Last year, the number of samples we received doubled.
GCN: A lot of the buzz in security now is on behavior-based tools that can protect against zero-day exploits. What is the role of traditional signature-based tools?
KASPERSKY: Zero-day protection'in the past they called them heuristic scanners'is not new. They were developed at the end of the 1980s. They didn't solve the problem in the past, and I see no reason why they should solve the problem now.
Malicious code is developed by humans. If there is some solution that solves all the problems at the moment, hackers would develop a new method tomorrow. So there is no such thing as 100 percent protection. Zero-day solutions are able to stop some of the attacks, but not all of them. Zero-day solutions are a good thing, but it is an addition to signature-based scanning.
GCN: How do you improve antivirus tools beyond keeping the signatures up-to-date?
KASPERSKY: We have a heuristic scanner in an upcoming product, but we see that the signature-based scanner is the main part of our technology. So what we do is decrease the time between attack and protection.
With signatures you are seeing just the end of the process. You don't see all of the work that is done before the signature is produced. The first step is collecting the initial samples. More than 50 percent are received from our automatic filters. We also have a network of agents, security experts who provide us with samples. The next step is to analyze it, and if it is malicious, a new detection engine signature goes into the database, and then it is released. We are getting about 1,000 samples a day.
GCN: How many of those 1,000 result in new signatures?
KASPERSKY: It is about one out of five. We release about 200 signatures a day. In our daily updates, we have 50 to 100 kilobytes. Half a megabyte is an exception.
GCN: What trends are you seeing?
KASPERSKY: The criminalization of the Internet. In the past, there were kids writing viruses, and some of them were very clever. Most of the malicious code written today is for money.
GCN: Has the fact that profits are at stake raised the skill level of the people writing malware?
KASPERSKY: They are developing different types of malicious code. There are very primitive, very simple Trojans to steal what is typed on the keyboard. At the same time, there are very complicated Trojans and stealth technologies called rootkits, and new types of encryption and compression to carry the malicious code. So they are getting more simple and more complicated at the same time.
GCN: What is the biggest security threat today?
KASPERSKY: I don't see just one, I see several. The top one is the criminalization of the Internet. Last year, the number of viruses we received doubled, and I would not be surprised if it doubled this year again. We will see more and more criminals, and as a result more attacks and different vectors for these attacks. I'm afraid that antivirus companies will not be able to develop protection against new attacks.
We are also starting to receive more reports of direct attacks against just one business'just one computer, but the most important one. This is being done with the help of an insider.
The third threat is smart phones and new technologies. They are not just phones, they are computers. Criminals and hackers have not paid attention to smart phones because there are not so many of them. But I am afraid that one day there will be more smart phones than computers. Many people who use computers now have some basic knowledge about security. They know about hackers. But smart phones will be used by people with zero knowledge about computers.
GCN: Will the criminalization of the Internet cause people to stop using it?
KASPERSKY: Of course not. I can't remember any case where people left technologies out of use because they are dangerous. What's the most dangerous thing in the world? Cars. But we don't stop using cars. We develop security systems, the traffic lights, seat belts, air bags, etc.
We will not stop using the Internet, but there will be some limitations. We will pay more attention to education and invest more in security. It's like an airport. There are more security controls and security announcements.