For the last two weeks each and every fan of official Kaspersky Lab Facebook pages worldwide had the chance to ask our CEO, Eugene Kaspersky, anything at all (and we must say that some of our fans took this literally:)) Thank you for the hundreds of great questions! There’s nothing more valuable in this world for us than your feedback and ideas on how to proceed with our quest to Save the World in the most efficient way. We’ve selected the most interesting and edgy questions of yours and asked Eugene to answer them with his usual honesty.
Here’s the first Social Media chat with him, which, if you’re up for it, we’re proposing to make an ongoing tradition:
Why don’t you issue a free antivirus version for home use with limited features just for the Middle East? Because the original copies for the Middle East are really expensive, contrary to those in European countries, which makes us download the full version of the program illegally and using stolen registry numbers or crack programs to register it.
Nice question! And really painful. First of all, in today’s world it’s not possible to release a special free version for a dedicated country – it will spread all over the world immediately. This is why we decided to do it globally. We offer a set of free products that will ensure basic protection of your PC. Let me draw your special attention to Kaspersky Security Scan which works as a second-opinion scanner to illustrate how good (or bad) your current AV is compared to the top-notch industry standards.
Mr. Eugene, Can I work for you?
It’s not a problem to get a job interview for Kaspersky Lab 🙂 We have 30 representative offices and partners in more than 200 countries and territories. If you think you’re qualified, just apply for a position and do your best to prove yourself worthy to work with one of the best IT teams on the planet. (I really mean that.) We have a hell of an HR team–I’m sure that your skills and potential would be examined in the best way possible. I really wish you good luck. And I’m sure that everything in the world is possible if you really want it and make an effort.
What about cybercrime in the next few years? Will it be more or less? What will come?
I wish I could say “the world is getting much safer”, but, unfortunately, there are definitely more threats to come. One of the reasons is the constant growth in the number of computers, and now smartphones. There are more than 1.3 billion mobile devices with access to the Internet right now. And each and every one of them (well, almost), is connected to social networks with very confidential personal data such as ID info, paid online accounts data (such as Skype, World of Warcraft, PayPal etc), bank account information. And cybercriminals see that growth and try to use this growing infrastructure for evil purposes. Plus, there’s a number of really huge cyberweapons we’ve discovered this year (on our own and together with our partners) – Flame, Gauss, miniFlame. The governments are starting to bring espionage and warfare tools to the online world. And I’m afraid it would take a lot of guts, time and efforts to fight it.
Will there be a mobile solution coming up for Windows 8 mobile?
Absolutely! We were among the first to enter Windows 8 marketplace. Our Kaspersky Now is there and you’re free to use it now that Windows 8 is available. As for Windows 8 mobile, at the moment there is no technical opportunity to develop security solution for WP8, however we keep monitoring this OS. It’s a very similar story to iOS: closed platform and limited APIs.
When will Apple say yes to Kaspersky as an anti-virus solution for the iPhone?
Good question. Let’s ask Apple? 🙂
Why did your team remove the sandboxing?
We have found that very few users have actually used our Sandboxing features. After further investigation, we found out that the majority of customers want a more targeted approach for their personal security so we eventually implemented our Safe Money feature. This feature brings real value to the majority of customers by safeguarding their financial transactions. Also, developing a full-sized, reliable and compatible sandboxing solution would cost us a lot of resources that we prefer to spend on the features for most of our customers. Keeping in mind Windows 8 kernel-mode limitations we decided to shift the protection scope from “defend from something” to “protect your money”.
I work in a company that puts me in position to influence the adoption of consumer and business security software; however, at what point do you think companies will get on board and make the investment to protect their assets and data? I have come across companies that have experienced major, expensive security attacks and yet they still do not adopt the level of security required. Yesterday I heard about a local school that laid off their entire IT staff. Another company here state-side was fined over $1 million USD for a lost/stolen laptop. Inexpensive security measures could have prevented that. When will people finally realize that they need to protect their data? Will it be too late by then? What can we do?
We do our best to educate SMB users, as well as those in the corporate sector who are our current and potential customers. The problem with IT security is that to manage it effectively, you have to understand how it works. And there is a gap between a skilled IT specialist and the CEO. I mean people who make decisions for the company. Of course the CEO should not be a security expert but he is to heed what the CIO says regarding that. An IT specialist knows what potential threats are out there, but often cannot explain the value of protection and security measures by using business language. Business people do understand the language of money, but know squat about security. And until there’s a bridge to connect them, there’s not a single chance that company would be secure. But nowadays more and more managers come to the market with huge personal experience of living online. This was not really the case 10-20 years ago. And as email users, social media users, mobile banking users, they start to get more and more concerned about corporate security. So, my answer would be – corporate awareness is getting better each day.
How do you see in the future of IT devices for users and the importance of security?
Most science fiction books and movies would become true: augmented reality, Google glasses, tremendous progress in robotics and mobile infrastructure. In 10 years from now most people will become connected 24/7 – they will see each other, hear each other in any part of the world, they will work without going to the office, they will share more and more information about their life with friends and colleagues. And, by doing so, potential cyberciminals could manage to find more and more ways of grabbing this information for their purposes. Remember the old saying – “who owns information – owns the world”? That will be pretty much the case in 10 years.
I’d like to know if Kaspersky gives full support to the Windows 64-bit OS versions.
We are following Microsoft recommendations and best common practices while developing our software. In some cases it makes sense to build your executable using 64 bit architecture but it’s usually required when you need to address a lot of system memory. As we are very concerned about the performance of our software and trying to reduce the performance footprint on the PC while our AV is working, there is no great need right now to rewrite our software in 64 bit. But if we’ll see it bring additional benefits in the performance and security areas, we’ll do this at once.
You said 2013 will be the year of Android malware. Considering that Android has conquered a big slice of the tablet and smartphone market, what will be the further improvement of protection in the next Kaspersky Mobile Security? And, since cybercriminals target Android OS more and more, like for instance through the USSD Exploit Test that, opening a specific web page resets the entire device and cancels everything on it. Maybe the time has arrived for a sandbox for Android as well?
We have already released update on Google Play, which closes USSD vulnerability. As for sandbox: please stay tuned 😉
How come, regardless of the good quality of Kaspersky security products, the company cannot stop the piracy phenomenon on its own software? It’s surprising how easy it is to find illegal keys of your products. This is a double problem: for the company itself, who loses credibility, and for the clients who buy regular keys, because they feel “less smart” since they have paid for something you can get for free and cracked.
Those who respect our work and those immense efforts we make every day to make the world a better place never would crack our products or use fake keys. But if they do, this is their choice. They decided to steel money not from us, but from millions of people who really try making the world safer by buying our products and by doing that support our research and development process. It’s never been about the possibility of cracking someone’s products – hackers have been there since the beginning of the Internet era. But there always will be people who buy someone’s piece of hard work and those who steal it. And it’s a question of moral attitude, not additional product protection. By the way, for each Kaspersky Product we absolutely know which one is fake or genuine. When the databases are updated we know whether the key was generated by the company or by an illegal tool. So we know exactly how many fake Kaspersky products are out there. But the good news is that the percentage of counterfeit products is very small. We have more friends than foes.
Do you plan some big changes in 2014 version, such as native version for 64-bit systems or new engine?
Oh yes:) But I don’t want to spoil the surprise. Stay tuned to my blog and official corporate blogs: Safeguarding me, Threatpost and Securelist.
Why is there only Internet Explorer in the browser configuration settings in KIS 2013? Will other browsers (such as Google Chrome) appear in time?
There will be improvement in the product towards better browser support, but I don’t want to be too specific where these changes will occur. We are looking at what browser companies are doing in the area of privacy (tracking) and checking whether this area can be interesting for us.
In which direction will Kaspersky products evolve? Can we expect methods that will block tracking and personalization of ads, banners and such? Can we expect technologies that will use modern RAM modules and fast processors to boost scanning time?
For boosting the scan time there’s no big need in memory: most of the scan time is being spent in IO operations, so you better buy the SSD drive.
Are you planning to integrate in your products such functionality as recognition and blocking of police ware – software, crated by states for spying on their citizens? If yes what would it be? Some kind of proxy? Or firewall?
Policeware: we are not going to immediately block such software as it’s not malware, if we’ll find it. Most users will get an alert about ‘not-a-virus’ software that is causing a potential remote administration/data interception possibility. If there’s a keylogger, we’ll detect and remove it in any case, while checking its origin. Also, I’m not even sure that there is a lot of evidence of which government is using computer software to look after their citizens. To my mind, most of the government surveillance happens on the carrier side, on the Internet channels, and these are out of our control.
In order to detect the virus in a suspect file, most anti-virus programs check the appropriate base. My question is: is there any anti-virus solution that will not require signature database to detect the infected file?
Kaspersky Internet Security and Pure are not antivirus software anymore. Those are products with artificial intelligence if I may – sometimes they don’t know this new malware, but they can judge by its behavior that this is a suspicious code and if this code proves to attempt doing something bad, it gets blocked before it actually gets a chance. But software is not human – it’s software after all, and software require a base to work with. That’s why signature databases and whitelistings are essential to assure better protection. I don’t think they would ever disappear.
On television, I saw your speech in which you said that antivirus detects known threats, and 80% of the total are unknown. Why then do we need an antivirus, if it does not “see” 8 out of 10 viruses?
Premium antivirus software like Kapersky KIS and Pure blocks 99.99% of attacks. You can see the test results that independent third party experts do for the market. What I meant was that at all times we know about 80% of all existing malware and are ready to kill all the rest using our proactive defense – the defense with AI that actually does act not just by comparing a code to the database of known viruses, but by analyzing 100% of environment behavior. This includes all of the processes going to the memory of your laptop or mobile, all of the links, all of the ads. And this makes you 99.99% safe. I leave 0.01% for exceptional cases that never occur. When something extraordinary happens you can always go to an official Kaspersky website and get a free malware removal tool. We have made them many times.
Is it true that you write viruses to detect them after, and then make money by selling new versions of antivirus software?
This is a very strange question. There are millions of pieces of malware in the world and it`s necessary to work day and night, 365 days a year to struggle with them.
Is anti-virus software able to remove malicious applications that force computers to go to cycle mode (ON-OFF-turn, etc.). Even if I can solve this problem on my own, I would like to just install security software and not to think that it can happen.
Yes, no problem. Our products, with the definition of a serious threat to themselves boot your computer, manage itself before any system files will be downloaded, and neutralize the perpetrators. And in the new version of Windows 8 such functionality is supported at the level of the core system. Our product is perfectly integrated into the system.
When should we wait for a “vaccine” against viruses?
Obviously, not until the appearance of a panacea for all diseases 🙂
People from the United States complain that Facebook is spying on its users, even if they are not currently logged in. Why doesn’t anti-virus and other software warn them of these actions?
Because in Facebook’s disclaimer it is written that the data may be used by third parties. We strongly recommend reading the disclaimers. Unfortunately, users often do not consider it necessary.