Nancy Hammervik

TechSmart recently visited Kaspersky Lab in Moscow for the prelaunch of its Kaspersky Internet Security 2012. We chatted to Nikolay Grebennikov, their chief technological officer, about malware and the future of security.


TechSmart (TS): Last month we saw certain American state officials' Gmail accounts being hacked. Could these types of attacks have been avoided if the people used internet security packages?

Nikolay Grebennikov (NG): I cannot say if antivirus/internet security solutions could have helped - it's also a problem of how you behave on the internet, how you communicate and with whom. You can get a security notification from your security package, but you can click allow, because you think you can trust it. You should consider online security as you do in real life.


TS: Are we right in saying that China, Brazil and Russian-speaking countries are the main centres of malware attacks?

NG: Yes, these are the three groups of countries. But where the main malware is located on servers is in the US and Canada, according to our statistics. There are different vectors of attack - it's not just from China to the US, for example; Chinese people are also victims of their own country's attacks.


TS: Who is creating the malware?

NG: There are companies that fight against bad guys, and then there are companies that fight against us to get money in illegal ways. According to our estimation, in the world currently there are around 2000 groups of people who work on malware creation. And they sell their creations to other people who can just download these to create their own type of malware without technical knowledge.


TS: CEO of Kaspersky Lab, Eugene Kaspersky, said that there should be an internet Interpol of sorts created to deal with online crime. Do you agree?

NG: Currently we don't have enough protection from governments and police for the internet. It should not be so easy for criminals to work as easily as they do. I think we really need some international police and more strict rules. There should be an understanding from governments that this is a really big threat.


TS: Where do you see malware protection going in the future?

NG: I think in future many other types of devices would require protection. One very good example is the monitors used to protect people's health. Currently it's possible to monitor and influence the device using external tools and a Wi-Fi type of connection. Imagine a situation where criminals can penetrate and influence this type of device. Also think about cars with the amount of IT included. These are included in our long strategic plans.


TS: The new Kaspersky Internet Security 2012 package utilises "cloud protection". Can we assume that this will be less resource intensive on the PC?

NG: Yes, it was one of the reasons why we pushed our cloud services. We realised that with our application control technology and reputational database, the size of the software's database will increase very fast and in this case we cannot upload all this information on a user's machine. At the same time we took into account the emerging trend of mobile devices on which you don't have a lot of space and we also wanted to use cloud technologies that do not overload it. We are also doing behavioural detection, the detection of the behaviour of applications (what certain applications do once downloaded), and this can be very resource intensive.


TS: What are the key examples of this new technology that is provided via the cloud?

NG: Well, the first example would be to also check the behavioural pattern of files. We collect this behavioural pattern in our cloud from users of Kaspersky Lab products. Before, we only checked executable files (.exe), but right now we detect and have info in our cloud database about dynamic libraries (DLLs), drivers and info about PDF files because of new PDF exploits. Another good example is the anti-rootkit technology, because more and more malware tries to go deeper, sit in the system and try even to infect micro boot records (MBR) of the disk. This is not rootkit but bootkit, the most comprehensive. I can say that it is basically generation 2.0 of cloud protection that we are introducing with Kaspersky Internet Security 2012.


TS: Are we going to see anti-virus packages for tablets too?

NG: During an internal meeting in April, I already demonstrated to all our R&D employees a prototype of an Android tablet anti-virus and security solution, and yes, we will be introducing protection for Android tablets later this year. Because we don't just see malware as a threat, but also privacy issues, phishing and social engineering, we have to pay attention to this too. Plus unwanted content, mostly for children.