A BLOG BY MELIH ABDULHAYOGLU

Adding Sandbox in a Security application, or using Sandbox in a Security application! That’s the difference!

Sunday, 24. January 2010 By Melih

Much is being made about including Sandbox in security applications nowadays.

What's the big deal?

Well, it's not a big deal to be honest. So what if you bundle a readily available application like sandboxing along with your Anti Virus! It really is not a big deal at all. The majority of vendors are using this bundling to justify charging for their Anti Virus amidst Microsoft making their version free. They are saying, hey, pay for our Anti Virus cos it has Sandbox in it.

So why don't I see this as anything earth shattering, but just a marketing gimmick?

Well, for one because there are free Sandbox applications available, but more importantly, so what if you have a sandbox! The overwhelming majority of end users are not going to know which application to sandbox or not. I mean, how about malware that silently infects them? How will on demand Sandboxing help? How can users put malware that they don't see into a sandbox? Just bundling a new application and expecting users to change their behaviour is NOT an easy thing, especially when they also have to be experts at catching hidden infections so that they can sandbox them! Believe me, we are the world's leading HIPS provider with over 25 million installations, and HIPS for consumers does teach you a lot about usability! ;)

We need a sandbox in a security application not as an add on, but as an integrated part of the security application, being used by the security application (this is a HUGE difference, pls note!). When an unknown application is detected, it should automatically be sandboxed. This way the user can continue doing their work without being disturbed by unnecessary alerts, while the security of the system is maintained because the unknown application is held within the sandbox. This sandboxed application can then be sent to Anti Virus labs for further analysis and, depending on the outcome, can be deleted from the sandbox or simply taken out and put on the hard disk.

Now this is the way to use Sandboxing technology in a security product like an Antivirus, achieving default deny based security with no pop ups and no decisions required from the user's side! That is what is called Automatic Sandboxing TM. This is the revolutionary patent pending technology from Comodo! Default Deny Protection with virtually no pop ups is now reality!

Thanks

Melih


Computer Security - What you need to know for keeping your Computer safe!

Saturday, 02. January 2010 By Melih

Now, we've all heard about detection, prevention, cleaning, behaviour blocker, firewall, Antivirus, Anti malware, Anti spyware, Anti Trojan, Anti Rootkit, Adware, HIPS, Internet security suite, detection tests, antivirus tests, penetration tests… it can be confusing, right ;)… What is what, and more importantly, what do I need as a consumer!

I will try to explain what's involved in desktop security products and hopefully arm you with enough knowledge about what to expect from them, in an interview-like style. Hope you like it.

First of all: What the hell is a Virus, spyware, trojan, rootkit etc?

Well, you know when you click on an application to run… well, it's just that. A malware (which is a general name used for all the bad stuff like virus, spyware, trojan, rootkit and so on) is an application (a program that is made of a bunch of code that a programmer puts together). Just bunches of code that you send to your CPU (Central Processing Unit) for execution. For example, you send a code (an instruction) to your CPU to turn a specific pixel on your monitor a specific colour, or when you press a key you tell your CPU to go ahead and display the key pressed on the monitor. Malware sends instructions to your CPU to do nasty stuff. That's the only difference between a good application and malware.

Now that we get what malware is… which security product do I need? What is anti virus? Why do I need a Firewall? And a million other questions in my head as the consumer.

Let's get to the basics… the security products can be classified into 3 areas

1) Prevention: e.g. it prevents stuff from coming into your computer in the first place
2) Detection: it detects when stuff enters your computer (but only if it recognizes the nasties)
3) Cleaning: You are toast, cos you are infected, so you need a decent product to clean up the mess.

(By the way, you can read more about these 3 areas, Prevention, Detection and Cleaning (cure), in this blog.)

So let's start by talking about AVs (Anti Virus)

A good analogy to Anti Virus would be a policeman who has a photofit of a murderer and is trying to find/detect that criminal amongst the people/files. So is Anti Virus 1, 2 or 3?

Wow… good job… you guessed right… it's 2! It can't stop someone becoming a criminal but can detect them. So an Anti Virus product could never prevent a new Virus it doesn't know about from infecting your machine, just like a policeman can't arrest a future murderer cos they haven't committed the crime yet. Anti Virus products were invented in the late 1980s as "Cleaning" products. In those days infections spread at the speed at which you could exchange a floppy disk with your friends :) But nowadays the number of malware is increasing drastically and the speed at which infections occur is increasing, thanks to the internet. So can your Anti Virus company give you a guarantee that you will not be infected, when they can't possibly know the next Virus? Of course not; that's why using a Detection only mechanism as your sole protection will leave you as secure as a little lamb in the African desert surrounded by hungry lions! So today's Anti Virus products are a reactive technology. That's why people still get infected even though they have Anti Virus products installed… and they scratch their heads, puzzled as to why they got infected! :)

What is Anti Spyware then?

Same as above… there are a few different nasties and they have been classified as virus, spyware, adware, rootkit etc. At the end of the day they are all Bad Code written by bad people. And when you put an Anti in front of the specific threat it becomes the product that is used to clean or detect these baddies.

Ok what is Anti Rootkit then?

Same as above… products that are used for detecting baddies. At the end of the day they are all baddies, just with different names cos the way they operate is slightly different. At the end of the day they are all instructions sent to your CPU to do nasty stuff, from deleting files, to stealing your confidential information, to stealing your CPU power and internet connection. Same goes for Anti Trojan, anti this and anti that… same stuff…

What is a firewall then?

A firewall has 2 tasks really. One is to stop people from getting access to your PC from the internet; it's like your internet door (but don't be fooled, cos every time you browse some website you are opening this internet door to that website… just having a firewall doesn't mean you are secure). The other task is detecting if anyone is making a call home from your PC. Go to your local clothes shop and try to steal something… the alarm you will hear, as you try to get out of the door while 2 big guys are running towards you, is because the garment is tagged, so anything leaving the premises will raise the alarm. Well, that's a firewall for your computer. It will sound the alarm bells if someone is trying to make a connection from your computer to the outside world. (Btw, I hope you didn't go and steal clothes… the resale value is not there… try electronic goods :) (just joking…). So a Firewall falls into both the Prevention and Detection categories…

So what can clean my computer if i get infected?

Now that's an important question… Cleaning an infection is not as simple as deleting a file on your hard disk. Some of these nasties hide themselves well and bring themselves back to life at every start up of the operating system, even after your Anti Virus deletes them. Depending on what kind of nasty has infected you, the choice of cleaner (Anti Virus) product could be determined. The only sure way is to reformat your computer :( It sucks… I know… but imagine this: if you are an Anti Virus product, "you don't know what you don't know", which means you can only clean what you know of. But how do you know there aren't other baddies in your computer that your Anti Virus doesn't know of :( Don't get me wrong, in a good number of cases you only have an infection that an Anti Virus can clean, but being sure that you are not infected… is priceless!

So how do I prevent these nasties coming into my computer in the first place?

Well, you have to know how they get in and pull the rug out from under them!

They get in by utilising the latest vulnerabilities in your system. So it's important for you to keep your system up to date… but I guess you heard that before! One of the nastiest ways is the silent infection called BO… and no, it's not Bad Odour… even though when that happens it does leave a bad taste… it's a Buffer Overflow attack. It's as simple as you going to a web site and getting infected… yup… as simple as that…

So what does infection mean again pls?

Remember, it's just a piece of code that sends your CPU instructions to get your CPU to do nasty stuff like giving out confidential information etc.

Oh yeah..I remember…

So how do I stop these coming into my computer in the first place?

Excellent question! (By the way, this is THE MOST IMPORTANT STEP in your security strategy..stop them from coming into your computer in the first place)

There is a new breed of security products called HIPS (Host Intrusion Prevention Systems). These products will not let any application/executable (the piece of code that we talked about before) run unless it is authorised.

Well, that sounds good, doesn't it?

Yes it does! I use one of these (Comodo Internet Security).

These products literally block any code/instruction going into the CPU unless it is authorised… it's like a doorman at the night club saying: Sorry, your name is not on the list, you are not coming in. It denies access to the CPU to any unknown and unauthorized piece of code (application). So why isn't everyone using these?

The only potential issue is that they can be chatty and ask too many questions of the user if they haven't got a big list of authorised applications. I mean, you don't want to be disturbed every time you run an application. Luckily, with products like CIS (Comodo Internet Security) the number of times you need to get involved to answer a question is minimised.

You see, the bottom line is: you should prevent any malware coming onto your system if you have a clean PC, cos you want to keep it clean. For that you need to use Prevention based products.

If you have an infected computer then you need to use a Cleaning product. An Anti Virus is mainly a cleaning product. So you need an Anti Virus product to detect and hopefully clean the infection. Some people use Anti Virus only to protect themselves. Yep, you guessed right, they are the perfect guinea pigs for virus authors! I mean, come on… what do you think Virus Authors do when they create their Viruses? Of course they check to see if any of the major Anti Virus products detect it or not! Only when they have tested it against them and are sure that it is not detected do they go ahead and release their creation to this guinea pig population of people who think they are secure cos they are using legacy Anti Virus products. Of course there are also other kinds of Virus Authors who release their viruses even though Anti Virus products detect them right off the bat. They are the stupid ones! We like them that way though :)
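The "default allow" policy of a signature-only Anti Virus next to the "default deny" policy of HIPS with an automatic sandbox (the unknown application is held, sent to the lab, then deleted or released, as the sandbox post above describes), as an added toy model in Python. This is not Comodo's code; the Endpoint class, the hash-based trusted and signature lists and the sample byte strings are constructed assumptions for the illustration.

```python
import hashlib

# Constructed samples, not real executables or malware: a known-good app,
# malware the vendor's lab already has a signature for, and a brand-new piece
# of malware released only after its author checked that no major AV detects it.
SAMPLES = {
    "notepad.exe": b"CONSTRUCTED: known-good text editor",
    "old_worm.exe": b"CONSTRUCTED: malware the AV lab already has",
    "fresh_malware.exe": b"CONSTRUCTED: malware no vendor has seen yet",
}
# Ground truth that no single vendor or tester has in full (the post's point).
ALL_MALWARE = {"old_worm.exe", "fresh_malware.exe"}


def fingerprint(data: bytes) -> str:
    """Identify an executable by its SHA-256, standing in for an AV signature."""
    return hashlib.sha256(data).hexdigest()


class Endpoint:
    """One PC: an AV signature set, a HIPS authorised list and a sandbox."""

    def __init__(self):
        self.signatures = {fingerprint(SAMPLES["old_worm.exe"])}  # known bad
        self.trusted = {fingerprint(SAMPLES["notepad.exe"])}      # known good
        self.sandbox = {}  # fingerprint -> bytes held until the lab reports back

    def default_allow(self, data: bytes) -> str:
        """Legacy AV: block only what a signature matches, run everything else."""
        return "block" if fingerprint(data) in self.signatures else "run"

    def default_deny(self, data: bytes) -> str:
        """HIPS plus automatic sandbox: known bad is blocked, known good runs,
        anything unknown runs inside the sandbox without asking the user."""
        fp = fingerprint(data)
        if fp in self.signatures:
            return "block"
        if fp in self.trusted:
            return "run"
        self.sandbox[fp] = data
        return "sandbox"

    def lab_feedback(self, data: bytes, verdict: str) -> None:
        """Apply the lab's verdict on a sandboxed sample: 'malicious' gets a
        signature and is deleted, 'clean' is authorised and released to disk."""
        fp = fingerprint(data)
        self.sandbox.pop(fp, None)  # leaves the sandbox either way
        if verdict == "malicious":
            self.signatures.add(fp)
        elif verdict == "clean":
            self.trusted.add(fp)
        else:
            raise ValueError("verdict must be 'malicious' or 'clean'")


def unrestricted_malware(endpoint: Endpoint, policy: str) -> list:
    """Names of the malware samples a policy lets run outside any sandbox."""
    decide = getattr(endpoint, policy)
    return sorted(name for name in ALL_MALWARE
                  if decide(SAMPLES[name]) == "run")


if __name__ == "__main__":
    ep = Endpoint()
    for name, data in SAMPLES.items():
        print(f"{name:20} default allow: {ep.default_allow(data):8} "
              f"default deny: {ep.default_deny(data)}")
    print("malware running unrestricted under default allow:",
          unrestricted_malware(ep, "default_allow"))
    print("malware running unrestricted under default deny: ",
          unrestricted_malware(ep, "default_deny"))
    # The lab analyses the sandboxed sample; afterwards even the legacy
    # policy blocks it, because the sandbox is what got it to the lab.
    ep.lab_feedback(SAMPLES["fresh_malware.exe"], "malicious")
    print("after lab verdict, default allow:",
          ep.default_allow(SAMPLES["fresh_malware.exe"]))
```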

But how about Anti Virus testing? Doesn't this tell us how good security is?

NO!

What do you mean no?

It's a No to your question! What part of the No do you not get?

Let me explain to you how these tests are done: First of all, these tests do not and CANNOT test whether these Anti Virus products will stop new viruses or not. These testers only have limited access to a limited amount of malware. Basically, they put all this malware onto a computer's hard disk and run the Anti Virus scanner to see if the Anti Viruses detect them or not. So it only checks the detection capability of an anti virus product, and ONLY for the subset of viruses that the tester has. I mean, what a tester might have may have nothing to do with what's out there, and so on. In reality no Anti Virus vendor has access to 100% of all malware out there either! No AV company can! Which means they will always be playing catch up and cannot prevent malware that they don't know of or don't detect from infecting your computer. Remember, that's why I said the Legacy Anti Virus products that exist today are all reactive in nature, playing catch up and NOT preventing a virus they don't know from entering your computer.

So how about Email scanning, IM scanning and web scanning? There are products that do these; isn't that important?

Ok, let's remember what malware was… a piece of instruction designed to do bad stuff. You see, these instructions must come from somewhere to the CPU… now for a computer these things can only live in 2 places… Hard Disks or RAM (it could also be USB storage etc., but you get the gist). What you see in email is either on the hard disk or in RAM… what you see on the web is either on your hard disk or in RAM… what you see on your IM is either on your hard disk or in RAM, period. Marketing people will try to make you think that they are stopping bad stuff from coming into your computer before it hits your computer, but that's misleading. All these emails, web pages, IMs and so on are already on your hard disk or in RAM. As long as you check the hard disk and RAM and use prevention based technology, then you know that those baddies can't get in and cause damage.

So in summary…a security product can provide you

Prevention
Detection
Cleaning

and you need to prevent the bad stuff coming into your computer in the first place. For that you need prevention based technologies.

Melih


Symantec says you should pay for your security..and I say…

Saturday, 04. July 2009 By Melih

Bollocks to that!

Symantec says “free antivirus software isn’t able to keep up with full-price suites like those offered by Symantec.” I say Bollocks to that!


However, I do agree with what Symantec says when they say: "Consumers don't need less protection, they need more." And that's what users get with Comodo!

And I do agree with what Symantec says when they say: "there is a very, very big gap between what antivirus does and the threats that are being delivered today." And that's exactly why CIS has a "Default Deny" technology.

And again I do agree with what Symantec says when they say:

“Don’t get me wrong, antivirus is very important, but it is the last security technology that you want to rely on for protection. It means that you’ve been infected: threat has actually gotten to your machine. So, it is the last layer of defense that you ever want to have activated.

“It is very important, but we would much rather stop the threat from ever getting to your machine, rather than rely on what we call a reactive technology, where the threat has already been delivered to your machine already.” And that’s exactly why Comodo has Prevention as the first line of defense with “Default Deny” technology.

And once more I do agree with what Symantec says when they say:

“If you look how most infections are coming now, they are coming from drive-by download, and while these often do come through the web browser, attackers are not necessarily only targeting the web browser. Think about all the plug-ins you have installed on your machine – RealPlayer, Flash, QuickTime – all of these have vulnerabilities too.”

But I say, once again, Bollocks to what Symantec says when they say:

“That’s why free antivirus is not enough: you need in-depth layered technologies, which only come from the more mature paid suites.”

Bollocking aside :), it's good to see that Symantec is trying to follow in Comodo's footsteps in trying to introduce layered security products. Although late to the game of Layered Security, I still welcome their initiative.

However, just because they haven't done a free product business model doesn't mean that others can't. There were people who claimed heavier than air vehicles couldn't fly; claiming that a free based model can't offer equivalent and even better security than paid for products is as big a fallacy as that claim about flying! Just because you can't make it work doesn't mean that others can't, Symantec! Just look at Comodo.

Melih


My Video Blog

Friday, 06. February 2009 By Melih

I have now created a Video Blog. I will be posting my views on this video blog regularly.

thanks

Melih

Cyber Terrorism

Wednesday, 19. November 2008 By Melih

Cyber Terrorism is about turning the very technology of Computing against the human race, against nations, or for a political agenda!

Will Cyber Terrorism happen? Should we really worry about it?

Depends if you are an ostrich or someone who cares about his/her future and wants to proactively secure it!

If you are an ostrich then go ahead and bury your head in the sand and pretend everything is hunky dory! (here is a picture of how to do it)

On the other hand if you are serious about your and your kid’s future lets discuss it further!

1) In about 20 years a $700 computer will have the same processing power as a human brain

2) Over 170 million of these computers are manufactured every year.

3) Terrorism thrives on brainwashing human beings so that they can be exploited. Computers are totally brainwashable!

4) Unlike terrorism in the physical world, for terrorism in the online world you would need access to many more computers to gain substantial power.

5) Today our computers can be taken over and brainwashed. Practically speaking, there isn't much that is preventing it.

6) The Internet is the backbone that connects us all: never before in human history have humans relied so increasingly on a technology that doubles its capability/power every 18 months! We continually add new ways to be dependent on computers and the internet. Computers double in their capability every 18 months. We are becoming more dependent on computers and the Internet every day.

7) Almost all users have no idea which applications/executables are running on their computers! Yet they know the people who live in their house! Computers are our digital homes and we don't know who lives in them!

8) It's a connected world! A person in China is connected to a person in Washington; the days of trying to create perimeter security, like a city within castle walls as they used to do hundreds of years ago, are over. It is not a viable model anymore!

9) Can technology be turned against us? Of course it can; we are constantly being attacked by the very technology we create. It's a sad example of how simple planes caused 9/11! Technology can and will be used against the human race! Computers and the internet are the next big vulnerable technology that can be turned against us, a technology that we are nurturing and depending on more every day.

So, how do we make sure we don't give birth to these 170 million babies and throw them out onto the streets for terrorists to brainwash and control? Do we have to spy to see what's happening in every computer to protect us? Is that feasible?

The answer is No! We don't need to spy on every computer. The good thing is that the majority of the human race do not want terrorism; they don't want to aid terrorism, they don't want to be used by terrorism. As long as we can enable these people with the means to protect their computers so that their computers do not fall into the wrong hands, we can reduce the risk of cyber terrorism! Remember, for a large scale attack terrorists will need a large number of computers.

So how do we enable users?

We give them tools that work! And do so for Free!

You have to create a paradigm shift, not at one level but two!

1) You have to build security technology that works!

2) Create a business model of giving this security technology away for free while still running a profitable business.

Two huge challenges that I am proud to report we have solved!

1) Security technology that works: We can no longer fight viruses using a 25 year old technology called AntiVirus! Anti Viruses have lost the war, period! Anti Virus should not and cannot be your first line of defense in your security! Anti Virus is a default Allow system. Consumers spend over $5Billion (Billion with a capital B) on something that really doesn't protect them! The security model needed to change, from a default allow system to a default deny system, from detection being your first line of defense to prevention being the first line of defense. That is what we have achieved. We have the world's first Layered Security Product where Prevention (default deny) is your first line of defense, followed by Detection and then Cure. Now with this the computing infrastructure can be a much safer place where your computers won't fall victim to brainwash!

2) Business model for the masses: People who can scrape together a few hundred dollars to buy a computer can't afford to pay for security in most of the developing countries! Security cannot be a luxury but a right! So the business model must enable this right of the consumer to be protected! Again, Comodo is the first Company not only to innovate in a new security model but also a new business model to give full security products for free to end users!

All we need is to get the word out. The more computers we protect, the fewer there are for the terrorists, fraudsters and malicious people to get their dirty hands on! Cyber terrorism is a reality that we don't have to live through! It certainly is a possibility, but a possibility that we can mitigate! But not by doing nothing, not by everyone expecting everyone else to do something about it, not by burying our heads in the sand!

We need to get the word out and protect every computer! It's a connected world, it's a different world, it's a world where each individual is both the warrior and the victim!

Thank you

Melih


Inability to Authenticate hits us right where it hurts - security!

Thursday, 18. September 2008 By Melih

You might have heard about XP Antivirus 2008 and XP Antivirus 2009, fake security products which are actually malware, infecting unsuspecting victims!

The irony here is that our inability to Authenticate what is legitimate and what is not is hitting us right where it hurts! Our security! It's one thing to be able to validate whether you belong to a "tunnel digger association" or not, and it's another to believe that an application is security software and install it, only to realise it's actually malware!

This is a very poignant point that demonstrates Authentication not only enables but also protects!

Melih


Service to human race or fame seeking selfishness?

Saturday, 13. September 2008 By Melih

And this is directed at anyone who claims to be testing Anti Virus products!

Somebody asked me once: Hey Melih, what percentage of viruses does your Anti Virus product detect?

My answer was: 100% of the ones we know of! If we have the malware then we simply create a signature for it and update our db!

So all this AV testing means is that the AV tester "might" have malware that the AV provider doesn't. (I say "might" because no one can validate if they actually have real malware or not either!)

Actually, there is no single entity that exists that can claim to have all the malware out there. All these companies, individuals and AV testers have only a subset of all the malware out there!

So what service are these AV Testers providing to end users, apart from saying to AV companies, "Ha Ha, look, I have something you don't", and claiming this is a test?

Wouldn't these AV testers be helping users more if they provided all the malware they know of to AV companies, so that they can all start protecting their users better? Are they choosing fame over user security?

Wouldn't it be better to provide all the malware they have to all AV companies and then test those AV products to see if they have the "capability" to detect and remove that malware? Or test the speed at which AV companies go from being aware of a virus to detecting it?

Isn't this like saying: Na, na na naaaa, I know a burglar in my street that you don't, Mr Police!? Why are you not protecting your neighbours by providing the details, AV testers?

Ask yourselves, AV Testers: Are users really benefiting from your actions? Or would they benefit more if you provided all your malware samples to Anti Virus companies, let them detect all the malware you provided, and then did a test to see which AVs don't!

I urge all AV Testing organisations to adopt new and better ways to serve users better!

Melih


Technology will turn photos and Videos into liars!

Saturday, 23. August 2008 By Melih

Hey, come on… I have seen your video!!! You were there! Are you pulling my leg?

The surveillance camera got you! You should have smiled :)

Technologies we take for granted as a trusted source of truth will soon start lying to us!

Check this footage……

http://technology.timesonline.co.uk/tol/news/tech_and_web/article4557935.ece

Soon you might see yourself on TV confessing to a crime that you did not commit, along with surveillance camera footage clearly showing you committing the crime, but you know you didn't!

Soon you might see the President declaring war on TV, but in fact he didn’t!

Soon you might see that the information we are being fed can no longer be trusted!

Well, we know we can’t trust what we read unless we can verify, but now, we can’t trust what we see/watch either!

Who/what can you trust? How can you verify? The role of Authentication!!!… it's only the beginning!!!

PS: Does this mean it's the end of movie stars?

Melih


Comodo (Melih) Manifesto

Thursday, 07. August 2008 By Melih

Human potential unleashed through a Trusted Internet.

Communications has advanced the human race through the ages because it helped us retain and share vital information and behaviours. The first cave paintings and written scrolls evolved into printing presses and books, which then, exponentially, ignited scores of other revolutionary developments. In just 100 years, for instance, we learned how to traverse in jet planes vast distances that would have taken weeks on horseback! This is why we believe communications advances human potential.
 
Now the Internet has become the central communications engine of our time, expanding our reach more broadly than ever before. With this tremendous reach however, the Internet has yet to achieve its full potential as a Trusted Internet. Today, we must contend with an Internet fraught with fraudsters as we singularly contend with challenges of trying to figure out who and what to trust online. We go online but we do so knowing that not all sites are equally trustworthy or that we probably shouldn’t trust most online sites with our very identities.   

This is why we, at Comodo, have committed our hearts, minds and resources to the vision of a Trusted Internet. This is where every digital interaction, every online interaction will include a new layer of security and trust enabled by an entire infrastructure designed to help us create mutual and real time trust. In a Trusted Internet, we can find what we want online without wasting our time with untrustworthy merchants. We can shop far more efficiently because we can verify the site’s credibility and business practices – immediately.

And with a Trusted Internet, we will be able to do things we can't even try to do today. With a Trusted Internet, our PCs will automatically be able to find products or information we want from reputable, authenticated merchants and "subject matter experts". Our computers will be able to vigorously and proactively defend our identities, ensuring in real time that our information is safe and has not been compromised. But most fundamentally it means that we will all be able to connect with each other with full confidence that we can create trust online when and where we need it.

And for it to benefit everyone, it must be delivered as a right to everyone, not as a luxury or a privilege dependent on a person's ability to pay! To reach this state, we intend to change behaviour and help people move from not using PC security because they can't afford it to using PC security because we give it away for free. We intend to change people's low expectation of not being able to authenticate anything online to being able to authenticate everything online: identities, content and even a site's legitimacy.

This will be how the Internet and the power of communications intersect, unleashing new ways for us to communicate, collaborate and exchange ideas that advance us all.  And this is why Comodo believes that creating trust online is a mission that inspires us forward towards our vision of a Trusted Internet!

Thanks

Melih


The “Trouble Triangle” for the Music and Video industry!

Monday, 23. June 2008 By Melih

People often come to me and say, hey Melih why don’t you protect Music and Videos, look at the piracy they suffer from etc. So I thought I should write this blog to explain the issues involved.

Content, whether Audio or Video is not difficult to protect! Honestly, the technology has been around for a long time.

However, what is difficult is to implement a practical solution that will work ubiquitously in the industry! There are divided interests and the dreaded big “Trouble Triangle” that stops it from happening!

Now, the Publishers (the people who make money from selling Content, like Music and Videos) want to, and rightly so, protect their interests against piracy. Of course the triangle is 3 fold. We have a publisher who creates the content, we have a hardware manufacturer who builds the hardware to play this music or video, and we have the Users who have the hardware and the content (music/video).

Now, to achieve a secured/controlled distribution to mitigate piracy you need to convince at least 2 of the 3 parties in that triangle! Any 2 and you have a controlled/secured distribution!

Publishers: it is obvious as to why they would want to secure their content.

Hardware Manufacturers: Some might want to do deals with major content providers in return for some market share, but Hardware manufacturers do not want to limit their markets by limiting who can buy their products.

Users: They just want content! It's fair to say that in general they don't care about security or control of distribution channels (yes yes, I hear some of you saying that they should… but let's get realistic here).

While distribution is getting easier (Internet and downloads, compared to the records and CDs of the 70s and 80s), unless 2 of the 3 parties (it has to be ubiquitous, and just having one hardware provider won't do) are interested in pushing security and control, I find it difficult to see how security and control can be established.

However, having said that, this could represent a new opportunity and a new business model for content providers, turning this lemon into lemonade by piggybacking on this new distribution era.

Thanks

Melih


 