A BLOG BY MELIH ABDULHAYOGLU

I have now created a Video Blog. I will be posting my views on this video blog regularly.

thanks

Melih

Cyber Terrorism is about turning the very technology of Computing against human race, nations or for political agenda!

Will Cyber Terrorism happen? Should we really worry about it?

Depends if you are an ostridge or someone who cares about his/her future and want to proactively secure it!

If you are an ostridge then go ahead and bury your head in the sand and pretend everything is hunky dory! (here is a picture of how to do it)

On the other hand if you are serious about your and your kid’s future lets discuss it further!

1) In about 20 years a $700 computer will have same processing power as a human brain

2) Over 170Million of these computers are manufactured every year.

3) Terrorism thrives on brain washing human beings so that they can be exploited. Computers are totally brain washable!

4) Unlike physical world terrorism, in the online world terrorism you would need access to many more computers to gain substantial power.

5) Today our computers can be taken over and brain washed. Practically speaking there isn’t much that is preventing it

6) Internet is the back bone that connect us all: There has never been, in human history, where humans have been increasingly relying on a technology where this technology is doubling its capability/power every 18 months! We continually add new ways to be dependant on Computers and internet. Computers double in their capability every 18 months. We are becoming dependent on Computers and Internet more and more every day.

7) Almost all users have no idea about which applications/executables are running in their computers! Yet they know the people live in their house! Computers are our digital homes and we don’t know who live in them!

Its a connected world! A person in China is connected to a person in Washington, the days of trying to create a perimeter security, like a city within Castle like they used to do hundreds of years ago, is not a viable model anymore!

9) Can technology be turned against us? Of course it can, we are constantly being attacked by the very technology we create. Its a sad example how simple planes caused 911! Technology can and will be used against human race! Computers and the internet is the next big vulnerable technology that can be turned against us that we are nurturing, that we are depending more on everyday.

 So, how do make sure we don’t give birth to these 170Million babies and throw them out to streets for terrorists to brain wash and control?  Do we have to spy to see whats happening in every computer to protect us? Is that feasible?

The answer is No! We don’t need to spy on every computer. The good thing is that majority of human race do not want terrorism, they don’t want to aid terrorism, they don’t want to be used by terrorism. As long as we can enable these people with means to protect their computers so that their computers do not fall into the wrong hands, we can reduce the risk of cyber terrorism! Remember, for a large scale attack terrorists will need large amount of computers.

So how do we enable users?

We give them tools that work! And do so for Free!

You have to create a paradigm shift not at one level but two!

1) you have to build security technology that works!

2) create a business model of giving this security technology for free while still running a profitable business.

2 huge challenges that I am proud to report that we have solved!

1) Security technology that works: We can no longer fight viruses using a 25 year old technology called AntiVirus! Anti Viruses have lost the war, period! Anti Virus should not and can not be your first line of defense in your security! Anti Virus is a default Allow system. Consumers spend over $5Billion (Billion with a capital B) on something that really doesn’t protect them! The security model needed to change, from default allow system to a default deny system, from detection being your first line of defense, prevention being the first line of defense. That is what we have achieved. We have world’s first Layered Security Product where Prevention (default deny) is your first line of defense, followed by Detection and then Cure. Now with this the computing infrastructure can be a much safer place where your computers won’t fall victim to brainwash!

2) Business model for the masses: People who can scrape together few hundreds of dollars to buy a computer can’t afford to pay for security in most of the developing countries! Security cannot be a luxury but a right! So the business model must enable this right of the consumer to be protected! Again, Comodo is the first Company not only to innovate in a new security model but also a new business model to give full security products for free to end users!

All we need is to get the word out. The more computers we protect, the less for the terrorists, fraudsters and malicious people to get their dirty hands on! Cyber terrorism is a reality that we don’t have to live through! It certainly is a possibility but a possibility that we can mitigate! But not by doing nothing, not by everyone expecting everyone else to do something about it, not by burying our heads in the sand!

We need to get the word out and protect every computer! Its a connected world, its a different world, its a world where each individual is the warrior and the victim!

Thank you

Melih

Talk Back

You might have heard about XP Antivirus 2008 and XP Antivirus 2009, fake security products which are actually malware, infecting unsuspecting victims!

The irony here is that our inability to Authenticate what is legitimate what is not is hitting us right where it hurts! Our security! Its one thing to be able to validate whether you belong to a “tunnel digger association” or not and its another to believe that an application is a security software and install it, but only to realise its actually a malware!

This is a very poignant point that demonstrates Authentication not only enables but also protects!

Melih

Talk Back

And this is directed at anyone who claims to be testing Anti Virus products!

Somebody asked me once: Hey Melih, how many percent of the viruses do your Anti Virus product detect?

My answer was: 100% of the ones we know of! If we have the malware then we simply create a signature for it and update our db!

So all this AV testing means is that the AV tester “might” have malware that the AV provider doesn’t. (I say “might” because noone can validate if they actually have real malware or not either!)

Actually there is no single entity that exists that can claim to have all the malware out there. All these companies, individuals, AV testers have only a subset of all the malware out there!

So what service is this AV Testers providing to end users, apart from saying, Ha Ha, look I have something you don’t to AV companies and claiming this is a test?

Wouldn’t these AV testers be helping the users more if they provided all the malware they know of to AV companies so that they all can start protecting their users better? Are they choosing fame over user security?

Wouldn’t it be better to provide all the malware they have to all AV companies and then test those AV products to see if have the “capability” to detect and remove those malware? Or test the speed of AV companies from being aware of a virus to detection?

Isn’t this like saying: Na, na na naaaa, I know a burglar in my street that you don’t Mr Police!? Why are you not protecting your neighbours by providing the details AV testers?

Ask yourselves AV Testers: Are users really benefiting from your actions? Or would they benefit better if you provided all your malware samples to Anti Virus companies let them detect all these malware you provided and then do a test to see which AVs don’t!

I urge all AV Testing organisations to adopt new and better ways to serve the users better!

Melih

Talk Back

Hey, come on.. I have seen  your video!!! You were there! Are you pulling my leg?

The surveillance camera got you! You should have smiled

Technologies we take for granted as a trusted source of truth will soon start lying to us!

Check this footage……

http://technology.timesonline.co.uk/tol/news/tech_and_web/article4557935.ece

Soon you might see yourself on TV confessing to  a crime that you did not commit along with your footage of a surveillance camera clearly showing you committing the crime, but you know you didn’t!

Soon you might see the President declaring war on TV, but in fact he didn’t!

Soon you might see the information we are being fed can no longer be trusted!

Well, we know we can’t trust what we read unless we can verify, but now, we can’t trust what we see/watch either!

Who/what can you trust? How can you verify? The role of Authentication!!!…..its only the beginning!!!

PS: Does this mean its the end of movie stars?

Melih

Talk back

Human potential unleashed through a Trusted Internet.

Communications has advanced the human race through the ages because it helped us retain and share vital information and behaviors. The first cave paintings and written scrolls evolved to printing presses and books, which then, exponentially, ignited scores of other revolutionary developments. In just 100 years, for instance, we learned how to traverse vast distances in jet planes what would have taken weeks on horseback!  This is why believe communications advances human potential.
 
Now the Internet has become the central communications engine of our time, expanding our reach more broadly than ever before. With this tremendous reach however, the Internet has yet to achieve its full potential as a Trusted Internet. Today, we must contend with an Internet fraught with fraudsters as we singularly contend with challenges of trying to figure out who and what to trust online. We go online but we do so knowing that not all sites are equally trustworthy or that we probably shouldn’t trust most online sites with our very identities.   

This is why we, at Comodo, have committed our hearts, minds and resources to the vision of a Trusted Internet. This is where every digital interaction, every online interaction will include a new layer of security and trust enabled by an entire infrastructure designed to help us create mutual and real time trust. In a Trusted Internet, we can find what we want online without wasting our time with untrustworthy merchants. We can shop far more efficiently because we can verify the site’s credibility and business practices – immediately.

And with a Trusted Internet, we will be able to do things we can’t even try to do today. With a Trusted Internet, our PCs will automatically be able to find products or information we want from reputable, authenticated merchants and “subject matter experts”.  Our computers will be able to vigorously and proactively defend our identities ensuring, in real time, that our information is safe and has not been compromised.  But most fundamentally it means that we will all able to connect with each other with full confidence that we can create trust online when and where we need it. 

And for it to benefit everyone, it must be delivered as a right to everyone; not as a luxury or a privilege dependent on a person’s ability to pay! To reach this state, we intend to change behavior and help people move from not using PC security because they can’t afford it to using PC security because we  give it away for free. We intend to change people’s low expectation of not being able to authenticate anything online to being able to authenticate everything online – identities, content and even a site’s legitimacy.

This will be how the Internet and the power of communications intersect, unleashing new ways for us to communicate, collaborate and exchange ideas that advance us all.  And this is why Comodo believes that creating trust online is a mission that inspires us forward towards our vision of a Trusted Internet!

Thanks

Melih

Talk Back

People often come to me and say, hey Melih why don’t you protect Music and Videos, look at the piracy they suffer from etc. So I thought I should write this blog to explain the issues involved.

Content, whether Audio or Video is not difficult to protect! Honestly, the technology has been around for a long time.

However, what is difficult is to implement a practical solution that will work ubiquitously in the industry! There are divided interests and the dreaded big “Trouble Triangle” that stops it from happening!

Now, the Publishers (the people who make money from selling Content, like Music and Videos) want to, and rightly so, protect their interests against piracy. Of course the triangle is 3 fold. We have a publisher who creates the content, we have a hardware manufacturer who builds the hardware to play this music or video and we have the Users who has the hardware and the content (music/video).

Now, to achieve a secured/controlled distribution to mitigate piracy you need to convince at least 2 of the 3 parties in that triangle! Any 2 and you have a controlled/secured distribution!

Publishers: it is obvious as to why they would want to secure their content.

Hardware Manufacturers: Some might want to do deals with major content providers in return for some market share, but Hardware manufacturers do not want to limit their markets by limiting who can buy their products.

Users: They just want content! Its fair to say that in general they don’t care about security or control of distribution channels (yes yes, i hear some of you saying that they should.. but lets get realistic here.)

while distribution is getting easier (Internet and downloads, compared to records and CDs of 70s and 80s) unless 2 of the 3 parties (has to be ubiquitous and just having one hardware provider won’t do) are interested in pushing security and control, I find it difficult to see how security and control can be established.

However, saying that, this could represent a new opportunity and a new business model for content providers turning this lemon into a lemonade by adopting a new business model by piggy backing on this new distribution era.

Thanks

Melih

Talk Back

A DOOR!

To help prevent intruders from coming in: PREVENTION

A BURGLAR ALARM!

To detect if someone has got in: DETECTION

AND

AN INSURANCE POLICY!

If everything else fails-insurance to rebuild everything back: CURE

Sounds simple right… We all have doors, majority of us have burglar alarms and insurance. This is the way we protect ourselves, our families and our belongings! We first PREVENT, we then DETECT and if all fails, we have the last resort CURE

Is there a house without a door but Burglar alarm? Of course not! And insurance usually would require you to have a burglar alarm! So the process and order of protection goes like this:

PREVENT

DETECT

CURE

I know, I know tell you something you don’t know, right!..

How about maybe I ask you a question

Why the hell don’t you have a door on your PC???!!!!

You have a Burglar Alarm… called Anti Virus product… but no Door?

What gives?

What do you mean ask another question but make it easy???

No I will stick with this question if you don’t mind! So go on then..

You see, Layered Security is the way forward, we should have all 3 layers in the way we secure our PCs, yet today we only have a burglar alarm! And our burglar alarm only goes off if and only IF it recognises the burglar! If the burglar is not in the list of recognised burglars, then tough… let him waltz in! Because your Anti Virus can alert you to a virus it knows. Any new ones that it does not recognise can walk right into your PC!

So, I am still waiting for your answer!

Bad isn’t it! Time to change the way you secure your PC and your Online Presence! Time to deploy “PREVENTION” as your first line of defense, and its time to make sure “CURE” is a part of the solution you are given! Because nothing is 100% fool proof! Yes Comodo comes close but nothing can ever be 100% secure (and anyone claiming 100% security is known as snake oil).

Its time for a change!

Comodo has built the most holistic and comprehensive security that does utilise Prevention, Detection and Cure as a methodology and provide all 3 in package!

You have no reason not to be secure!

Thanks

Melih

Talk Back

————————————————————————————————————————

Self Replication:

Self-replication is any process by which a thing might make a copy of itself or something similar to original.

Creater:

God, as far as any creation is concerned!

Initiator/Releaser:

Somebody/something that releases a creation with self-replication capability

Self awareness:

Self-awareness is the explicit understanding that one exists.

————————————————————————————————————————

The above are some simple terminology that will help us with the following story.

The question is what is a Machine? A simple answer would be: Any human created mechanical/electronic device. So a Computer would classify as a machine.

Thanks god that the Terminator like self aware machines are still yet tomaterialise! However, this does not mean that we are not fighting the war against machines!!! Machines don’t have to be self-aware to fight humans!

They just need to be programmed!!! Just like the DNA that gives us our code about what us humans should do, programs tell machines what they should do! One of the most sophisticated machines that we interact with today is a PC. Also as it happens it is one of the most connected ones! Which means infection can occur very easily between PCs. Just like organic viruses/bacteria use Air, blood or other method to infect other humans, Computer Viruses use the connectivity (Internet, email, wireless, shared storage devices etc) that we have been building for them! Now computers are more connected than ever, and this connectivity will only increase. These complex machines that we call PCs are being infected and turned against us! Not by other machines but by humans! Machines are being used, manipulated for ill gains! People are writing programs/codes to turn your home computer against you! To steal your information to benefit its Creator or its Initiator/Releasor. We have been fighting the very machines we paid $$$ for! And we have been loosing that war!! Now, there are more computer viruses out there than ever and the techniques used today are at best outdated! Computer Viruses (malware) are Self-replicating. Which means they go to a machine and infect it, then find ways in which it can use that very “host” it has taken over to infect the other victims it can find.

Sure they are not killing us, sure they are not demolishing our houses, the reason for that is today they are limited to our PCs! Their universe is our PC. But hang on.. don’t get so comfortable your life and house maybe safe but they can and they do steal your bank account details, they can and they do delete your valuable data, they can and they do use your machine to attack others! They are already fighting you! Yes its humans behind them, yes these Computer Viruses(malware) are not self aware, but do they need to be to cause you a damage? They are self replicating and they can mutate to avoid detection! Once released, their creator/releaser usually has no control of the damage they will create! If humans were files on PCs then these Viruses (malware) would be the worst AIDS virus that is airborne! Yep nasty stuff for poor files!

So the war has already began! We are already fighting this war one Computer at a time!  Because today’s security is ridiculously inadequate.

We have created “Preventitive” technologies like our Superb Comodo Firewall  however there are more than 400 Million Internet enabled PCs with a good chunk of them infected by these viruses/malware!

Time to get the “Human” element and start fighting these “Machines”! That’s where Comodo once again taking the lead and showing the world of security how it should be done, by creating “Free Malware Removal” by Comodo Security Experts! These security experts will remotely clean your machine and, if you wish to, install our Security technologies to protect you from future attacks and infections. 

Whether you like it or not, the war has began!

thanks

Melih

Talk Back 

Above images are taken from:

Wikipedia and ecliptic

Self denial

Ostridge mentality

Can’t face the music

Hard to let go

and so on… summarises all that you can say about the Current AV industry!

Hey guys: Wake up and smell the roses! You are fighthing 21st Century war in trenches!!! It does not work!!

Here is the Article  where AV vendors cry foul about a Contest at Defcon  . In this contest contestants will simply create new malware from the old ones by modifying the current ones.

 WOW…

No.. There is no WOW.. this is a well known technique well exploited by malware authors over and over and over! What do you think malware authors do, create malware and keep their fingers crossed that AVs don’t catch it, or simply test their creations against well known AVs make sure they don’t even blink at this new malware before they release it to the wild! Its old news. Let me explain: You take an existing malware and re-pack (encrypt) it with an obscure packer (encryptor) now you have an old malware with a new disguise! Yep as simple as that! Now, crying foul, whinging and poo pooing this contest is NOT what the current AV industry should be doing! It is silly to claim this contest will create more malware!! As if malware authors don’t have access to the latest virii making tools!! Cos they all do!

What is silly is the way we still defend ourselves using 25 year old technology!!!! For god sake, imagine going around with 1980’s cell phones today?? How cool would that be? But we are not ashamed to go around with a similarly old technology that we call AV products based on signatures!!

My point is not that AV doesn’t have a role in our security arsenal. It certainly does.

My point is: Signature based AV is not and cannot be your first line of defense, Period!!!

Signature based AVs work based on default allow , this kind of technology can no longer be trusted as your first line of defense as they will let some baddies in! What we need a Default Deny system where malware can’t surprise us!

Thanks

Melih

Talk Back