How secure are you in cyber world?

By Balamurugan Selvaraj Published on May 23, 2018 01:54 PM IST

From operating systems installed in personal computers to IoT devices in big enterprises, cyber criminals have their fingers on everything. To repel them, there are security agencies. But whenever they solve a problem, something new crops up. So, News Today contacted one of the renowned security agencies, Kaspersky Lab, to find out the reality.

Excerpts from the interview:

Q: Why do hacks and malware attacks happen even when a computer is equipped with an antivirus or firewall?

A: Everyone acknowledges the abundance of malware today. It’s not someone else’s problem in some distant country: it’s everywhere. In 2016, we reported that 31.9% of computers were attacked at least once. The same year, we repelled 758,044,650 attacks launched from online resources located all over the world and our web antivirus components recognised 261,774,932 unique URLs as malicious and detected 69,277,289 unique malicious objects (scripts, exploits, executables, etc.).

Antivirus software is designed primarily to prevent infection, but also includes the ability to remove malware from an infected computer. A stand-alone malware remover provides a convenient way of finding and removing malware from a computer or device in case the product already installed is unable to do so.

Additional malware-removal tools are necessary because malware can hide itself, then re-emerge, re-propagate and re-infect, even if an identified virus file is flagged and removed by the antivirus program.

Using a combination of antivirus software and malware removers can provide the best security possible against malware and other forms of threats.

Q: Where does the problem lie? Operating system or security product?

A: Operating system and application vulnerabilities make it easy for cybercriminals to instal malware in computers. So, it's vital that you apply security updates as soon as they become available to reduce your exposure to risk.

Of course, it’s possible to design an OS in a way that prevents new or unknown applications from gaining reasonably broad or complete access to files stored on the disk – or getting access to other applications running on the device. In effect, this type of restriction can boost security by blocking all malicious activity. However, this approach will also impose significant restrictions on legitimate applications – and that can be very undesirable.

Choosing a rigorous antivirus solution can help ensure you enjoy technology’s benefits – in safety.

Q: Recently, Kaspersky experienced an issue with Microsoft's Windows during the installation process (of Kaspersky products). Did it happen because Microsoft is an American product and Kaspersky, Russian?

A: In the world of cybersecurity, partnerships are of importance. Cybersecurity companies partner among themselves to share data and help each other build stronger security solutions that can better protect their users. They also partner with law enforcement agencies to fight cybercrime. Partnerships with software developers are equally important, because security solutions have to work smoothly with other software, especially with operating systems.

However, having just one security solution for each operating system is not healthy: The market has to be diverse to ensure that cybercriminals don’t only have to try to elude a single security solution. So, partnerships and diversity go hand in hand. And it’s especially beneficial when that diversity is supported by the OS developer.

The more your security solution is compatible with your operating system, the less it affects performance and stability. That also means that there would be no switch-offs due to incompatibility issues. If you’ve paid for a security solution, you can expect it to be updated on time, so that it can work smoothly with all the OS updates you instal.

We have a long history of cooperation with Microsoft, and we sincerely believe that the changes they bring will make the cybersecurity market healthier, resulting in better protection for all users.

Q: Are operating systems created with bugs and back doors to benefit someone? Or are they requested to be made so?

A: A software bug is an error, a flaw, a failure or a fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. It is by no means a piece of malware. As such, the bugs can unexpectedly create backdoors that happen because of incorrect coding.

Even our products are not immune to bugs. We’re not afraid to say so. No one is perfect, for which reason the first bug bounty program appeared in 1995. Back then, Netscape wanted to test its latest browser. Today, Google, Microsoft, Facebook, Mozilla, and many other IT companies run such programs.

Q: So far, cyber crimes are mostly witnessed in Windows-based systems, rather than Linux or any other operating systems.

A: No operating system can be called less vulnerable; cyber criminals work on highly sophisticated threats and they keep looking out for vulnerabilities wherever they can be found.

As Windows is a commonly and very largely used operating system, it is easier for cybercriminals to target as they can harm a large number of people through it. However, this does not allow us to assume that Linux and other operating systems are not vulnerable to hackers.

Q: Recently, a report disclosed that the NTFS storage system, which has been used by Microsoft for years, is more vulnerable than ext4 or xfat systems. Also, another report claims that the boot loader Microsoft has been using to mount Windows has not been updated for years. Even Kaspersky has made a report on 'Process Doppelganging', recently used by hackers to drop ransomware on Microsoft systems. I need your comments on it.

A: Reported in December 2017, Process Doppelgänging involves a fileless code injection that takes advantage of a built-in Windows function and an undocumented implementation of the Windows process loader. By manipulating how Windows handles file transactions, attackers can pass off malicious actions as harmless, legitimate processes, even if they are using known malicious code. Doppelgänging leaves no traceable evidence behind, making this type of intrusion extremely difficult to detect. This is the first time ransomware has been observed using this technique in the wild. The new variant uncovered by Kaspersky Lab researchers implements a far more sophisticated approach, using the Process Doppelgänging technique to evade detection.

BUG BOUNTY

Kaspersky Lab says they launched the bug bounty program in 2016. It encourages all comers — from budding IT experts to seasoned pros — to look for bugs in Kaspersky Lab products. Cash rewards, which, until now, ranged from $300 to $5,000, are paid out for vulnerabilities detected and disclosed in a responsible manner. The program has already led to more than 70 bug reports and timely action on their part to resolve the issues.

OMNIPRESENT

Malware may exist in a variety of forms, says Kaspersky Lab. It can be a file, a hidden file or a partially corrupted file; it can hide the mechanisms that initiate the virus, such as a start-up service or a registry item. "In the worst-case scenario, the malware is working for a third party that aims to steal valuable information like bank account numbers or personal identifiers without calling attention to itself. With modern malware, it is usually not enough just to remove a single virus file. Instead, multiple location checks and virus scanning techniques are needed to completely remove the package of malware," it said.