Eva Chen, chief executive of Trend Micro, has strong views about how effective the antivirus industry has been over the past 20 years.
According to Chen, the security industry has over-hyped how effective its products are — and so has been misleading customers — for years.
Chen believes that no single company can offer adequate protection against the sheer volume of new viruses that are being churned out by cybercriminals. According to the security industry, five and a half million new samples were detected in 2007.
Q: Trend Micro has recently moved to an 'in-the-cloud' service. Surely traditional security methods are still effective enough?
A: In the antivirus business, we have been lying to customers for 20 years. People thought that virus protection protected them, but we can never block all viruses. Antivirus refresh used to be every 24 hours. People would usually get infected in that time and the industry would clean them up with a new pattern file.
In the last 20 years, we have been misrepresenting ourselves. No-one is able to detect five and a half million viruses. Nowadays there are no mass virus outbreaks; [malware] is targeted. But, if there are no virus samples submitted, there's no way to detect them.
Q: But how about analysis using other methods? You don't need to rely solely on antivirus.
A: Every year there's a new industry buzzword, but they always fail. Heuristics use a rule to inspect the file, but virus writers know this. They split the complete malicious program into different files, and download each file to test it against the heuristic rule. Each file looks innocent but, when combined, they become a virus.
Three years ago, the buzzword was 'personal firewalls', but you can't block everything. To have an effective personal firewall, you'd have to block port 80, but HTTP uses port 80. If you blocked that, no-one could use [the internet].
HIPS [host-based intrusion-prevention systems] have a lot of rules to tell if this application is trying to touch another application. HIPS behavioural monitoring requires files to be executed, so virus writers make sure they evade the rules.
Q: So isn't 'in-the-cloud' computing suffering from the same hype?
A: Trend Micro has gone to cloud computing because it's a necessity. Usually, hackers now infiltrate websites. When a user clicks on a URL they are redirected to a malware-hosting site. They download the first components, usually a downloader, which downloads more components and a recompiler.
Q: Two Trend Micro sites were infiltrated in March, weren't they?
A: That shows that it's everybody's problem. Our websites were outsourced and, in [website code], there are a lot of commands that can be compromised. An attacker can insert an Iframe through SQL injection. It was an Iframe-injection attack on the page we outsourced to a developer. I don't know which development company it was.
Q: Do you know who attacked the Trend Micro sites?
A: We don't know who did it. It was a mass attack — 20,000 sites — so very hard to trace.
Q: Trend Micro is in the process of a lawsuit against Barracuda Networks over a patent dispute. As Barracuda uses the open-source ClamAV engine, there has been disquiet in the open-source community that any company that incorporates ClamAV into a gateway-security product will be sued by Trend Micro. Is this the case?
A: I'm suing Barracuda, not ClamAV. The patent is about how to stop viruses in transmission. We've traded patents with IBM and Symantec, and settled with McAfee when they were Network Associates. We won the litigation with Fortinet. We respect other people's intellectual property; we just want people to respect ours. This has nothing to do with free software. It's about the implementation.
Talkback
OK, so what is the difference if an open source code like ClamAV is running on a separate server, firewall, upstream from say a webhost's webserver? Is Trend Micro going to sue everyone?
What if Barracuda just sold the box and listed open source options such as ClamAV as a compatible AV option to use?
When will the rebate checks from Trend Micro be going out?
Seems to me that some of Eva Chen's responses were rather ill considered. Is she for real? Whilst acknowledging that AV companies have had a hard time keeping up, that doesn't invalidate their efforts.
And just why will 'in the cloud' be any different?
Hardly a good PR exercise to say that the antivirus industry lied for 20 years. Perhaps they did exaggerate a little.
I didn't get the logic for suing Barracuda, can someone clarify?
All this talk about the cloud is just an attempt to get people to pay for something that they currently get for free. I think anti-virus companies create the viruses in the first place, then sell products to make the problems go away. If there is a cloud... you can bet it's a black one.
I believe Trend Micro's logic is that they are not suing ClamAV per se -- they would be suing Barracuda regardless of what antivirus engine Barracuda was using. Trend Micro alleges there are patent infringement issues - they are not over the antivirus engine itself, but how the technology has been used in a gateway security product.
Think about it, if the court finally figures out that no AV can work unless in a hardware appliance, IMO it's a moot point. Whether the AV is located in a gateway, firewall, or gee, how many of those companies is Trend Micro going to sue? Come on Chen, this suit is just plain bogus and abuse.
It is typical (and apparently not illegal) for companies to exaggerate the effectiveness of their products.
It is also typical of them to bash an old product in an effort to get us to buy the new one. In that regard, Eva Chen is no whistle-blower, she's only saying this to get us onto the "In the clouds" bandwagon!
If M$ operating systems had decent security, such as only one admin account and only that account could install software and said software had to be installed explicitly, there would be no need for anti-virus products.
Yeah, just look at Microsoft and Vista... there's more than one lie there ;-) I intentionally fail to mention Office suite applications... I'd have to lie too much
But what about end-users who keep passwords written down on post-its on their desks, 'cause they'd forget...
In Unixland that one user is root and generally it is considered wise not to give numpties that password. The average Joe user can then bumble along happily, perhaps infecting their own account, but not affecting the operating system itself.
Now, Unix and now Linux has been doing things this way for literally decades. Wintards will notice that things aren't done that way over their side of the fence ;-)
[dives for cover]
I use ClamAV on my Linux distros, but it is to prevent passing anything onto my friends using windoze, because windoze security features don't work. And I do not see where 'being in the cloud' is going to make any difference.
My daughter uses XP privately almost daily on the web and for email, and has never had a system corruption or failure in at least the past 2 years. Perhaps her ISP is doing something clever, or perhaps the whole AV thing is over-hyped?
I fix computers on a casual word of mouth basis, mostly family and/or young people's computers. The overwhelming problems encountered are viruses and other malware, often in spades. The problems are often compounded by the loss of their installation CDs. There are so many computer users who have no understanding of security and how to keep themselves safe on the internet.
> There are so many computer users who have no
> understanding of security and how to keep
> themselves safe on the internet.
I'd go as far as to say that there are precious few users that DO know how to stay safe from harm online. I'd suggest that it should be taught in schools, but the only subjects that seem to be being taught these days are such as:
"How to create a highlighted section in MS Word V x.y.z"
Great
dude, give it up.
windows is a dead end.
if you want a virus free system, then use os/x.
there are ZERO virus in the wild for mac.
have a nice day.
.. or Linux, Solaris etc
Basically anything except Windows and friends.
ADM
Microsoft in the business of creating new business markets, lol
They are more on their way :D