Complete Transcript of Interview – Randy Abrams – ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
January 19 2008
Alan: All it takes is one virus or one malware threat to get past your computer defense system and you have a major disaster. Today, we will be looking at possible ways that blended threats can attack your computer system and why having the right anti-threat software is a must to stop them cold. Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: It’s great to be back here this year.
Alan: It seems like it’s the good guys against the bad guys all the time. And this is especially true with viruses. Just when you think you’ve got everything under control, along comes another “nasty one” to get us. We’re getting a lot of calls about people who are finding in their Windows Task List, a process called ntos.exe and then when they try to delete that file, it deletes, but then it comes right back again. What’s going on?
Randy: It can actually be a number of things that are happening; one of the things is if a person’s computer itself has been compromised and they have other malicious software on the computer, it can reinstall that software automatically.
Another common ploy is for there to be multiple files related to a single threat and if you delete one of them, the other has another copy to put right back where the first one was, already. There are a variety of ways that this can happen.
Alan: You think that you’ve got one little file to deal with and you even go into “safe mode” and delete it and you think, “Aha, I’ve done beat this thing! It’s not going to bother me, anymore,” but as soon as you boot up, it’s right back again. Then when you start looking on the Web, you see that, “Oh, this is not one little problem; it builds root kits; it builds subdirectories; and in it, it’s got files – AUDIO.DLL and VIDEO.DLL, which seem to be very innocent files.”
Randy: Only by name; some of the most poisonous plants in the world are completely beautiful if you look at them, but it doesn’t make them safe!
Alan: And these are not innocent files, because they take over just about every part of your computer system, don’t they?
Randy: Right – when it comes to security, there’s no such thing as just one little file. It’s a pretty big problem that goes beyond the file, itself.
If you just treat the ntos.exe or that single infection, you’re really missing the important part about security, which is, “How did it get there and what can I do to make sure that never happens, again?”
Because, frankly, if I got infected with the one that you’re talking about, and I know of at least 3 different variants of it and there’s probably hundreds – I would reformat my machine. I’d completely rebuild my machine from scratch. I would change all of my passwords, especially for online banking, because this one steals bank account information in some cases.
Alan: This version also has what they call “a ransom effect”, where it can actually encrypt a lot of your files all over your computer system and then leave you a little note saying, “Oh, if you really want to get back into your computer system, you need to pay me ‘X’ amount of dollars.” And if you don’t do so within 18 days, bye-bye data!
Randy: And that actually addresses the importance of backing up your data, because a hard drive crash can do that without offering the option to pay for it. And you can beat the bad guys at that game by just having a good backup regime and continuing to take care of your data, like it should be, anyway.
Alan: One of the problems about backing up is you really don’t know when you got infected. Who knows how long before it actually is discovered?
Randy: That’s true. That’s one of the reasons that you always keep good copies of your executables. If it’s a data file, it doesn’t really matter when the “payload” takes effect, because if you have got a backup that isn’t encrypted, you’ve got access to your data.
Alan: But, if it’s like a video file or a sound file or some graphics that you download or a picture; you really don’t know what’s being piggybacked inside of it.
Randy: If you want to use good security software, anti-virus is able to detect, in some cases, unknown threats to help protect yourself. Generally, the picture itself – even if there’s a payload in it – is only going to activate if there is a security vulnerability in the program that displays the picture.
You can look at pictures that have been “hacked” or compromised, but if you’re using a completely “detached system”, you’re not going to be vulnerable to the payload in the picture.
Alan: I like to call these viruses, a “cockroach syndrome”, because once you see a cockroach in the house, you think, “Oh, this is one cockroach – I’m going to leave it alone; I’m going to be nice to it; I’m not going to step on it.” It doesn’t take long before there are many, many and more of those!
Randy: Well, that’s true. And in this case, for computers, the bad stuff gets in, because there’s a fundamental problem that can bring out all kinds of bad stuff in them.
Alan: One of the biggest problems is that people really didn’t know how it got onto their computer system and if they’re waiting for definition files in their virus protection program, it may be too late for that. That’s where you need something like “heuristics” to isolate it before it becomes even known as a threat.
Randy: That’s a good point. The heuristics are very important; it’s the technology that once many people said, “No, it causes too many ‘false positives’; it’s theoretical.” At ESET, we’ve been doing this since 1998. What everyone is saying now is, “Heuristics – heuristics, you’ve got to have proactive protection, because we can’t keep up with the signatures, anymore.” – and we can’t. There’s no way to keep up with the signatures. They are good to augment a product and help with detection, but if you’re not detecting that stuff before it gets onto the system, it’s too late.
And even though NOD32 will detect the threat, I would still recommend if it were already in your system, if security is actually your concern, that you rebuild the system from scratch. Make sure it’s fully patched. So, people might not know how the threat got on, but I’ll tell you how it got on. They generally went to a compromised website or accepted an attachment from someone that they shouldn’t have. You’ve got to learn how to determine what’s worth double clicking on; why you should trust it; things like this.
If you go outside into the street into a really busy city and looked at everybody that’s out there, ask yourself, “How many of those people do I trust?” You’d get back behind your computer and remember, all of those people are still out there – do you trust them? And if you go to MySpace, all those people are out there and a lot of them are good people, but are you going to blindly trust everybody and take files from them?
Alan: And it’s even worse than that, because you can go to a “good” site and you’ve been there for years and years and you know it’s absolutely clean or at least you think it’s absolutely clean. And guess what? You’re now infected. Why?
Randy: Things happen when a good site gets compromised. You can do everything right and still have a problem every now and then, but it’s going to be extremely rare. A lot of the people that are getting infected are getting infected with things that if they had up to date anti-virus, it would have prevented it.
If they practiced “safe computing practices”, they wouldn’t have gotten infected. There’s always an exception; there’s always a way for Murphy’s Law to take effect. There’s always a way for something to go wrong. You can dramatically minimize the risk to yourself by using good security software and using good security practices.
Alan: Well, I remember the days where we used to pass around floppies. The rule of thumb was, “We never would put a floppy into our machine that we really didn’t know where it came from.” And you’re talking about practicing safe computing. What is safe computing now, because the moment you get onto the Internet, it’s like a Wild, Wild West Show!
Randy: You definitely want to have a firewall; you definitely want to make sure that all your software is up to date and current. And not only your operating system - that’s important. But, if you use programs like iTunes, make sure you’ve got the most current version because iTunes has had a lot of security problems and has been patched several times, as does every media player out there, whether it’s for audio or video. Adobe Acrobat – it’s a very common and useful program, but there are some security problems. And so, you need to make sure you’ve got the most current version. Pretty much, take that approach with all your software – check to see if there are some security updates for it. So, that’s a big part of it. Just preventing the random exploit of vulnerability helps make you a lot more secure.
And then, what websites do you go to? If you search Google for something, it’s not uncommon for bad guys to have done things to make their sites come up first. Just because you get the result from Google, it doesn’t mean it’s a good site to go to.
Being selective about where you go; what programs you install; where you get it from and keeping good security on your software, your operating system and all your applications up to date, all tend to go a long, long way towards keeping you more secure on the Net.
Alan: So many people bank online; they pay their bills online and they don’t realize that all it takes is for someone to get in there and just do a transaction in their name and they can wipe out a bank account in a heartbeat and you won’t even realize it until maybe you get your next statement.
Randy: That can definitely happen. One of the things I recommend around this time of the year, especially because a lot of people get new computers around this time – is to save that old one; hang onto it and then dedicate that to your things like online banking. Don’t use it for email; don’t use it to surf the web. Use it only for the very important stuff; be sure to keep it up to date in terms of security software. Use that for your important stuff and use another computer for all the fun stuff and that helps to isolate your confidential personal information.
Alan: And this is where ESET’s Smart Security comes in, because your new Program has that built-in firewall; it has anti-phishing; it has anti-spam; it has just about everything you need to keep yourself safe, doesn’t it?
Randy: Everything, except judgment. You’ve got to add good judgment yourself. You’ve got to practice safe habits when you’re online. We provide proactive protection against threats; we provide the firewall; we help deal with the annoying problem of Spam, which in some cases is more than just annoying. It can contain malicious software, as well. So, ESET’s Smart Security can assist you in achieving security, but you’ve got to add the thought, yourself.
Alan: You’ve got to remember that the people that are writing these viruses or this malware are not “script kiddies”, anymore. They’re not people just sitting down and saying, “Oh, look what I can do. And when someone gets caught, it’s a big thing on the screen that says, ‘hey, you’ve been caught’.” They’re really sophisticated and they make a lot of money behind the scenes, don’t they?
Randy: Yeah, these are professionals, nowadays. They’re being paid because they have very good programming skills, using them to make the most money they can. There’s a lot of financial motivation, which in some cases really brings out the worst in people. And that’s what we’re seeing in the malware scene, nowadays.
Alan: That’s where your software comes in, because you basically put it into like a virtual world, where you look at everything that goes into our system, whether it comes in through the Internet; whether it comes in through email – no matter how it comes into our system, you actually take a little peek at it.
Randy: We do. And that’s part of how our heuristics work.
Alan: Now, how easy is it to set up ESET’s Smart Security, because it’s got a firewall in it and it takes care of the anti-phishing and the anti-Spam? How hard is it to set up?
Randy: Oh, it’s a snap to set up. It was designed in part because of the feedback of users saying that NOD32 was too complex. We designed it to be very simple. We have two modes, actually. The Standard Mode is designed to be almost effortless in terms of installation.
Even the Expert Mode is effortless to install. The difference is how granular you get, how many details you get and the control over the program. But, the Standard Install is just a few clicks and it’s there. It’s amazing how easy it is to install.
Alan: I like to see what’s going on behind the scenes. I like to see the logs and know that my system is absolutely protected and if something was a threat or tried to be a threat. It’s nice to warn me, but I like to know that it is happening, so maybe I could do something about it.
Randy: And that’s why we have the Standard and Advanced Modes for Smart Security. The Standard user just doesn’t want to know anything about it; just wants it taken care of and he gets that. And the more advanced user that wants more information has that option, as well.
So, then you have two different modes that you run in – you run in an Interactive Mode and an Automatic Mode. Right, and for the Firewall, most people would want to run in the Automatic Mode; they don’t want to be bothered with prompts, especially if they don’t understand what the prompts are about. But, there are some of us that run in Interactive Mode, because we want to customize the environment; we want to know what’s going on. And the Firewall is suitable for the Standard User, as well as for the Advanced User.
And one of the other things about the Firewall that makes it really unique is that the Firewall was designed to be completely integrated into the Smart Security Program. So, the data that the Firewall collects, what it sees, gets passed to our Heuristic Engine that anti-virus and anti-Spam and anti-spyware use. The Firewall isn’t just a thing out there, blocking stuff coming in and out; it is a fully engaged participant in security decisions made by the Heuristic Engine.
Alan: And that’s what separates your Program from other ones that are on the market, because in most cases, it’s like a separate firewall; it’s like a separate anti-virus program; it’s a separate anti-threat program and it may share the same common user interface or menus, but they are not really talking to each other.
Randy: It’s an important distinction with our Product. It helps us to do a better job of protecting the user.
Alan: Randy, if somebody would like to find some more information about the new NOD32, Version 3 and the ESET Smart Security, where would they go?
Randy: I would recommend that they go to http://www.eset.com.
Alan: And you have a free Trial Version; this is a fully functional Trial Version on your site that people can download and work with and see how powerful this Program is.
Randy: They can try it for a month free; it’s fully functional. If we detect a threat on your computer, we’ll clean it – we’re not going to say, “Oh no, you have to buy this before you use that functionality.” It’s fully functional and you can try it for a month.
Alan: Randy, as always, it’s been our pleasure to have you as our guest here on Let’s Talk Computers and we look forward to talking to you again, real soon.
Randy: Thank you, Alan. It’s always a pleasure to be here.