Saturday, August 16, 2008

The Viruses of Khan El Khalili

I recently came back from a 16 country trip, during which I had a chance to meet and talk with IT security guys in lots of different environments.

What I discovered was that in some countries, consumers are overwhelmed with phishing and identity fraud-style attacks, including man in the middle and man in the browser attacks, while in other countries, destructive viruses are far more of a concern.

I also discovered that some markets have grown to the point where local language attacks and coding efforts are starting to pay dividends to hackers. This is not good news.

The other day in Cairo, I got to talking with an IT guy who does quite a number of large data center installations. He says one of the problems he faces is that western-based antimalware applications that are signature-dependent don't do a great job of detecting some of the local viruses.

He wasn't complaining - he spends a lot of his time re-imaging machines because of this (the best remedy when no disinfection routines are available), and it's good business - it also helps drive customers to adopt Linux, which is the fastest-growing part of his company.

But as we sipped our coffees by the eastern side of the Nile (in a very nice bar called Sangria), it was clear to both of us that a system that relies on constant re-imaging of devices is eventually going to be pushed aside in favor of one that doesn't (Ubuntu, anyone?).

Interestingly enough, in Japan, I noticed the issues they faced were more similar to Egypt than the US. More emphasis on data backup and protecting files from viruses, and less talk about spyware and the stealing of user credentials - which might explain why Trend Micro, a Japanese company, is, in my opinion, better at the former than the latter.

One of the reasons I think Rising and Jiangmin are doing well in China is because they are focused on viruses and other forms of malware (such as the Panda virus above) that target the Chinese market. The same could be said for Korea-based Hauri.

In the Southern hemisphere, phishing and 419 scams, identity fraud, spyware, and all of the viruses and Trojans recently written to steal user credentials were far more prevalent issues. From South Africa to Australia, and north through regions such as Singapore to Europe and the UK, it was clear that user credentials, not devices, were more the focus of attacks.

Likewise in the Gulf countries I visited, where phishing, wifi hacks and man in the browser attacks increasingly dominate conversations. I heard from several IT guys, including several CSOs, about increased prevalence of local language attacks - something they never used to see at all until quite recently.

Clearly, as these individual markets grow, at a certain point, hackers start "going local" - creating demand for security solutions capable of protecting local users from locally-focused hackers. I expect this "going local" factor will start to have ramifications soon regarding antimalware testing and certification, which is currently very Europe-centric in nature and design.

Because when it comes to local threats attacking narrowly-defined markets, even signature-based systems that feature great heuristics will find it harder and harder to keep up.

This last fact was one of the concepts that we kept in mind while designing Authentium SafeCentral, our "secure browser plus virtual desktop plus secure DNS service". When we designed this product we focused on five basic areas of vulnerability: the user, applications, the device, the network and the destination.

SafeCentral maintains a solid security posture, and enables secure transactions, regardless of your location, or where the malware was written. You could look at it as our investment in a future built on increasingly large, interlocked, local economies.

You can download a free copy here.

Note to the antimalware companies mentioned above - if you're interested in offering SafeCentral to your customers, we do have an OEM program: a large part of our antimalware business is OEM-based, through companies like Google, Microsoft and Symantec.