Interview with Kaspersky chief malware expert Alex Gostev

Status
Not open for further replies.

starchild76

Thread author
Quote from the interview:

The last year has seen a lot of changes in the threat landscape, with the emergence of a number of new cyber espionage tools such as Gauss and Flame, as well as an increase in the volume of malware targeting mobile platforms such as Android. Recently, Alex Gostev, the chief malware expert at Kaspersky Lab, answered questions submitted by users on Facebook, discussing the evolution of antimalware solutions, the threats to mobile devices and how governments around the world are handling the cybercrime explosion.

The link for the rest of this article:

http://threatpost.com/en_us/blogs/interview-kaspersky-chief-malware-expert-alex-gostev-122412
 

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Great article!! It is mind-boggling to think about the amount of malware that is out there and the knowledge and effort that is put into stopping it.
 

Gnosis

Level 5
Apr 26, 2011
2,779
our first, major priority is to protect our users. So we will protect them from all types of malicious programs regardless of who creates them. It is also our aim to communicate a simple message to the world’s governments: any malware can also be used against its creators; unintended targets can also become victims. Cybercrime must become subject to international law and must come under the regulations and monitoring of the global community.

Right. Until Putin or Medvedev gives them a crushing ultimatum to do otherwise.

Why does Kaspersky often (maybe very often) recognize “good” software as malicious?

I am surprised that he did not bitch-slap the interviewer on that one, Russian mafia style.

it is also advisable to complement your browser with dedicated protection tools, such as a sandbox, whitelisting

Right on!

FYI: whatever you do, don't click on the "wiper" hyperlink! lol

Another example is the propagation module incorporated into the Flame worm – it helps the worm spread via local area networks, and that is a whole other story. Its creators have not only successfully implemented an unprecedented MD5 cryptographic attack but have also created a “real” Microsoft certificate. This is way beyond a 0-day vulnerability – this is “god mode”

The hard truth hurts. This is why I don't allow HIPS to green-light, based on MSFT certificates.

There are no secure desktop operating systems. Any operating system can only be called secure on a conditional basis until the next 0-day vulnerability emerges. When this happens, it instantly turns the safest operating system into the most vulnerable one. I’m talking here about a situation where the vulnerability is publicly disclosed. As for privately-known vulnerabilities, well they always exist for any given operating system.

Exactly why Windows Update is overrated. They cannot come quick enough, EVER.

check out the history of the Induc virus

This guy is cutting edge.

The management of one large company says that Kaspersky Lab writes viruses and creates zombie networks to infect computers in the Russian segment of the Internet, in order to sell more of their products and provide consulting services. Can you please comment on this. I can’t disclose the name of the company as I work for it.

OUCH!! That hurt. :)

I personally would never use a free antivirus, even if I didn’t work for Kaspersky Lab. I know how this type of software works, who works on these programs and how.

Fascinating!

The firewalls in modern routers are pretty limited in terms of their functionality, and perform primitive filtering at the level of port addresses. Naturally, this solution is not adequate for complete security.

I like this guy.

Signature-based analysis is a tried-and-tested method of detecting threats, but on its own against today’s threats it’s virtually useless.

That is what I have been saying for a while now, though I am a cyber pip-squeak compared to that cat.
 

Deleted member 178

Thread author
:goodpost:

I personally would never use a free antivirus, even if I didn’t work for Kaspersky Lab. I know how this type of software works, who works on these programs and how.

:lolz: :lol:

Seriously... ah yes we don't know you, for who you work, how you work.

sure, you don't like Comodo, Avast, AVG, Panda, Microsoft stole your market share :rolleyes:

if you don't know them better you retired now.

I didn't like Kaspersky products, after reading that I don't like the company either; even Melih of Comodo is more trustworthy than him...
 

Gnosis

Level 5
Apr 26, 2011
2,779
He speaks as if he is in 1988 USA, not 2013 Russia. Does he really think he can defy those leaders over there if they want to strong arm him?! Give me a break.

Per:
our first, major priority is to protect our users. So we will protect them from all types of malicious programs regardless of who creates them. It is also our aim to communicate a simple message to the world’s governments: any malware can also be used against its creators; unintended targets can also become victims. Cybercrime must become subject to international law and must come under the regulations and monitoring of the global community.

He will do what the Russian mafia says he will do. That is how they roll in the end. It is inevitable, but I still like their rescue disk. The Russian mafia outlasted the Romanov Dynasty. They can't outlast Kaspersky?
 

Viking

Level 26
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,553
"At the present time, we detect some 200,000 new malicious programs every day".

8333.3 per hour
138.8 per minute
2.3 per second

A staggering amount!
 

Spirit

Level 2
May 17, 2012
1,832
I didn't like Kaspersky products, after reading that I don't like the company either; even Melih of Comodo is more trustworthy than him...

So you too think Melih from Comodo is not worth to trust :p
 

Deleted member 178

Thread author
ZOU1 said:
Didn't Melih used to be a member here, or at rM? :)

I don't remember him posting in RM or here.

Stranger said:
So you too think Melih from Comodo is not worth to trust :p

You know me; TRUST NO ONE :D
 

Plexx

Thread author
Anything to protect us from our own government?

Alex Gostev: We protect against malicious programs without making any distinctions as to who created them.

Wasn't Sophos the only one who refused to whitelist the trojan/infection specifically used by FBI for "crime solving" which could also be used against such purpose, as it is the famous double-edged backdoor of some sort?

If I remember correctly Kaspersky did whitelist that.

Why does Kaspersky often (maybe very often) recognize “good” software as malicious?

Alex Gostev: I have to disagree with you on this one. Kaspersky Lab’s products have one of the lowest false positive rates in the entire industry; independent test results back up this claim. We couldn’t possibly have received the “Product of the year” award unless we had demonstrated the fewest false positives in dedicated testing.

The guy works for Kaspersky... You do not seriously believe an employee would talk bad about his own employer unless he does not wish to have his job... Such an answer was to be expected.

How can I get rid of my paranoia and obsession that there is a Trojan in the system, or a vulnerability is being exploited?

Alex Gostev: Why would you want to get rid of it? When it comes to IT security paranoia is actually a positive thing, as it makes you more careful about what you do and how you do it. It makes you try to figure out how the system works, promotes your self-development and broadens your outlook. In other words, it’s a good thing.

Well there are 2 kinds of paranoid users: One that knows what he/she is doing while the other simply overloads the system with overlapping software. I wouldn't really say it's a positive thing...

My friends say Kaspersky Anti-Virus is a resource-hungry monster, and recommend that I use free antivirus solutions (I won’t advertise them here). Their argument is: free antivirus is no worse, in fact they are better in many respects. Is this correct?

Alex Gostev: No, and I can’t be bothered disproving it here. I personally would never use a free antivirus, even if I didn’t work for Kaspersky Lab. I know how this type of software works, who works on these programs and how.

Put my hands on fire that if he didn't have his job or simply half of his knowledge nor the means to buy a license for a software nor acquire one, he would eat his own words.

Is a hardware firewall in the router enough? Or maybe, besides that, it's good to have a software firewall?

Alex Gostev: The firewalls in modern routers are pretty limited in terms of their functionality, and perform primitive filtering at the level of port addresses. Naturally, this solution is not adequate for complete security.

For security at government level I agree 50%. For security for home users, I disagree completely.
 

Gnosis

Level 5
Apr 26, 2011
2,779
All good points Biozfear.
We all know the manipulative power of governments when considering the private sectors (if there is such a thing as a "private sector" in Russia), esp. when considering Russia and China, and soon-to-be the U.S.A. So I don't see how Mr. Gostev can be so bold as to imply that Kaspersky will always protect those that seek their services. That makes no sense in this world. If Putin strong-arms Kaspersky, they will protect only who the hierarchy in Russia says they are to protect. It is that simple. Sad, but true.

While Kaspersky IS doing good things, it could all change in a minute. Dr. Web provides Russia's defense ministry's security software (last time I checked). That is even more reason to doubt Mr. Gostev's bold statement about always being free to protect ALL who seek Kaspersky's protection.
 

Spirit

Level 2
May 17, 2012
1,832
Wasn't Sophos the only one who refused to whitelist the trojan/infection specifically used by FBI for "crime solving" which could also be used against such purpose, as it is the famous double-edged backdoor of some sort?

Didn't know that, thanks Biozfear for the info.
Is that the reason many big names like Coca-Cola, Ford, Cisco are its customers :D

I have tried their product and find them good with old traditional looks
 

illumination

Thread author
Biozfear said:
Wasn't Sophos the only one who refused to whitelist the trojan/infection specifically used by FBI for "crime solving" which could also be used against such purpose, as it is the famous double-edged backdoor of some sort?

If I remember correctly Kaspersky did whitelist that.

Are you talking about Magic Lantern? The keylogger supposedly used by the FBI.
 

Plexx

Thread author
I remember reading that wasn't just the keylogger but Magic Lantern for sure was not whitelisted by Sophos.
 

illumination

Thread author
Biozfear said:
I remember reading that wasn't just the keylogger but Magic Lantern for sure was not whitelisted by Sophos.

The full potential of it was never disclosed, but it was stated that it was more than just an average keylogger.

I was just curious if this was what you were referring to.
 