I'm watching all these things come together and the ingredients are there for a very, very dangerous time. We have a proven situation where some countries are clearly engaging in cyber war, or at least cyber espionage. We've proven software can damage hardware and infrastructure. If you want to target all these people in an organization, you need information about them. And the opportunity, between smartphones and Facebook, to leak a lot of information is there.
What changes or new measures are you advocating going forward in a new age of malware?
One thing that bothers me is the world currently expects their antivirus software to protect them. Every bit of AV in the world is basically a signature scanner. Which means it's great at detecting a virus that it knows about, but it can't see it if it's new.
It's been this way since the early '90s. The world decided signature scanning was the best thing to do back then. But now, the bad guys realize all they have to do is bring out something new and it won't get detected.
Every AV line in the world gets about 3000 sample submissions every day. Of those, 25 to 30 thousand are new and unique.
Bad guys know when they release a new downloader to install their payload that within a week it will be discovered and within a few days after that every AV lab will add it. But they don't care, because they have a ten-day window where they aren't going to be discovered by everybody and they will swap out the downloader every day. So they are just laughing.
Every AV product does have a behavior layer now, but they don't work it very much. One of the things I hope to do is encourage vendors to pay more attention to their behavior lab and developers. If the bad guys are facing a disparate number of products, each with a different behavior layer, that alone will make the infrastructure much less penetrable.
So you're saying AV, as it now operates, is becoming obsolete?
Yes, in my not-so-humble opinion, yes it is. But that can change. There are 25 AV programs in the world. If antivirus software were using behavior detectors rather than signature scanners, it would make a huge impact.