30 minute interview

“Mobile viruses are still in their infancy as compared to desktop malware”

Patrik Runald, Senior Security Specialist, F-Secure Security Labs, on the latest in security threats and what his company is doing to keep these in check.

Patrik Runald

Is the threat profile changing? Are mobile threats to be taken seriously?

The threat scenario with regard to the mobile handset is much the same as it was with the PC 10 years ago. Mobile viruses and worms can cripple a mobile phone rendering it useless.

From an evolutionary perspective, mobile viruses are still in their infancy as compared to desktop malware. On the PC side, it’s all about malware being used to make money. We expect that the same thing will happen with mobile phones.

We have anti-virus solutions that prevent malware from running, and update automatically on expiry. We also have firewalls to prevent intrusions. We follow the same approach for mobile phones as well. Any IT security policy will have to take all devices into account, be they PCs, mobile phones or any other devices.

Are attack volumes highest on the PC, at the server or are mobiles the worst hit?

The PC remains the worst affected. This is likely to remain so in the future. As a user, you are more likely to be attacked by a virus on your PC than while using your mobile phone. Spam and malware are spreading actively on the PC front.

You use Google Earth to detect infected machines. How does this technology work?

We have a bunch of machines on the Internet, scanning Net traffic and these servers are not supposed to receive any traffic at all. When they do receive traffic, we analyse it and see whether it is coming from a malicious site. Based on longitude or latitude we can trace the origin of the traffic through Google Earth. We also have a technology called roadmap to detect known viruses.

Can you update us on what’s coming from your labs?

The Deep Guard technology helps detect unknown threats. For example, if a system permits a malicious program to run, before you run it on your system or device, Deep Guard will analyse what it is doing and based on that make a decision whether it is safe to run or not. We plan to launch this product in 2007.

We also have an online scanner, where one can log on to our site and scan one’s PC without having to install any software. If it finds something it will assist you in cleaning that and if there is some unknown threat then you have the option of sending it to our lab for analysis. This is free for everyone.

We are also working on a concept called the Bad Web Database. It is a security filter. Whenever a phishing message is opened and a user clicks on a link in that mail, our software on his machine will check against that database to ensure that he’s not visiting a site that is a known offender. This database is updated regularly vis-à-vis viruses and phishing.

Do SMBs prefer standalone or integrated solutions?

Although SMBs need security they are not in a position to manage it themselves. This is where, security as a service comes into the picture. We are taking this concept to Asia now. Earlier, the solutions were used by engineers.

SMBs like integrated solutions for multiple reasons. For one you get all the security that you need at a better price in one solution. When using solutions from different vendors, there is always the risk that it may crash because of incompatibility. Finding fault becomes cumbersome as there is no one point or vendor who can be held responsible.