WE KNOW: Al-Qaeda / ISIS / IS = Secret Service

Published: November 20, 2015

Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt

- By - NICOLE PERLROTH - The New York Times - December 31, 2012

SAN FRANCISCO — The antivirus industry has a dirty little secret: its products are often not very good at stopping viruses.

Consumers and businesses spend billions of dollars every year on antivirus software. But these programs rarely, if ever, block freshly minted computer viruses, experts say, because the virus creators move too quickly. That is prompting start-ups and other companies to get creative about new approaches to computer security.

“The bad guys are always trying to be a step ahead,” said Matthew D. Howard, a venture capitalist at Norwest Venture Partners who previously set up the security strategy at Cisco Systems. “And it doesn’t take a lot to be a step ahead.”

Computer viruses used to be the domain of digital mischief makers. But in the mid-2000s, when criminals discovered that malicious software could be profitable, the number of new viruses began to grow exponentially.

In 2000, there were fewer than a million new strains of malware, most of them the work of amateurs. By 2010, there were 49 million new strains, according to AV-Test, a German research institute that tests antivirus products.

The antivirus industry has grown as well, but experts say it is falling behind. By the time its products are able to block new viruses, it is often too late. The bad guys have already had their fun, siphoning out a company’s trade secrets, erasing data or emptying a consumer’s bank account.

A new study by Imperva, a data security firm in Redwood City, Calif., and students from the Technion-Israel Institute of Technology is the latest confirmation of this. Amichai Shulman, Imperva’s chief technology officer, and a group of researchers collected and analyzed 82 new computer viruses and put them up against more than 40 antivirus products, made by top companies like Microsoft, Symantec, McAfee and Kaspersky Lab. They found that the initial detection rate was less than 5 percent.

On average, it took almost a month for antivirus products to update their detection mechanisms and spot the new viruses. And two of the products with the best detection rates — Avast and Emsisoft — are available free; users are encouraged to pay for additional features. This despite the fact that consumers and businesses spent a combined $7.4 billion on antivirus software last year — nearly half of the $17.7 billion spent on security software in 2011, according to Gartner.

“Existing methodologies we’ve been protecting ourselves with have lost their efficacy,” said Ted Schlein, a security-focused investment partner at Kleiner Perkins Caufield & Byers. “This study is just another indicator of that. But the whole concept of detecting what is bad is a broken concept.”

Part of the problem is that antivirus products are inherently reactive. Just as medical researchers have to study a virus before they can create a vaccine, antivirus makers must capture a computer virus, take it apart and identify its “signature” — unique signs in its code — before they can write a program that removes it.

That process can take as little as a few hours or as long as several years. In May, researchers at Kaspersky Lab discovered Flame, a complex piece of malware that had been stealing data from computers for an estimated five years.

Mikko H. Hypponen, chief researcher at F-Secure, called Flame “a spectacular failure” for the antivirus industry. “We really should have been able to do better,” he wrote in an essay for Wired.com after Flame’s discovery. “But we didn’t. We were out of our league in our own game.”

Symantec and McAfee, which built their businesses on antivirus products, have begun to acknowledge their limitations and to try new approaches. The word “antivirus” does not appear once on their home pages. Symantec rebranded its popular antivirus packages: its consumer product is now called Norton Internet Security, and its corporate offering is now Symantec Endpoint Protection.

“Nobody is saying antivirus is enough,” said Kevin Haley, Symantec’s director of security response. Mr. Haley said Symantec’s antivirus products included a handful of new technologies, like behavior-based blocking, which looks at some 30 characteristics of a file, including when it was created and where else it has been installed, before allowing it to run. “In over two-thirds of cases, malware is detected by one of these other technologies,” he said.

Imperva, which sponsored the antivirus study, has a horse in this race. Its Web application and data security software are part of a wave of products that look at security in a new way. Instead of simply blocking what is bad, as antivirus programs and perimeter firewalls are designed to do, Imperva monitors access to servers, databases and files for suspicious activity.

The day companies unplug their antivirus software is still far off, but entrepreneurs and investors are betting that the old tools will become relics.

“The game has changed from the attacker’s standpoint,” said Phil Hochmuth, a Web security analyst at the research firm International Data Corporation. “The traditional signature-based method of detecting malware is not keeping up.”

Investors are backing a new crop of start-ups that turn the whole notion of security on its head. If it is no longer possible to block everything that is bad, the thinking goes, then the security companies of the future will be the ones whose software can spot unusual behavior and clean up systems once they have been breached.

The hottest security start-ups today are companies like Bit9, Bromium, FireEye and Seculert that monitor Internet traffic, and companies like Mandiant and CrowdStrike that have expertise in cleaning up after an attack.

Bit9, which received more than $70 million in financing from top venture firms like Kleiner Perkins and Sequoia Capital, uses an approach known as whitelisting, allowing only traffic that the system knows is innocuous.

McAfee acquired Solidcore, a whitelisting start-up, in 2009, and Symantec’s products now include its Insight technology, which is similar in that it does not let any unknown files run on a machine.

McAfee’s former chief executive, David G. DeWalt, was rumored to be a contender for the top job at Intel, which acquired McAfee in 2010. Instead, he joined FireEye, a start-up with a system that isolates a company’s applications in virtual containers, then looks for suspicious activity in a sort of digital petri dish before deciding whether to let traffic through.

The company has received more than $35 million in financing from Norwest, Sequoia Capital and In-Q-Tel, the venture arm of the Central Intelligence Agency, among others.

Seculert, an Israeli start-up, approaches the problem somewhat differently. It looks at where threats are coming from — the command and control centers used to coordinate attacks — to give governments and businesses an early warning system.

As the number of prominent online attacks rises, analysts and venture capitalists are betting that corporate spending patterns will change.

“Technologies that once were only used by very sensitive industries like finance are moving into the mainstream,” Mr. Hochmuth said. “Very soon, if you are not running these technologies and you’re a security professional, your colleagues and counterparts will start to look at you funny.”

Companies have started working from the assumption that they will be hacked, Mr. Hochmuth said, and that when they are, they will need top-notch cleanup crews.

Mandiant, which specializes in data forensics and responding to breaches, has received $70 million from Kleiner Perkins and One Equity Partners, JPMorgan Chase’s private investment arm.

Two McAfee executives, George Kurtz and Dmitri Alperovitch, left to start CrowdStrike, a start-up that offers a similar forensics service. Less than a year later, they have already raised $26 million from Warburg Pincus.

If and when antivirus makers are able to fortify desktop computers, chances are the criminals will have already moved on to smartphones.

In October, the F.B.I. warned that a number of malicious apps were compromising Android devices. And in July, Kaspersky Lab discovered the first malicious app in Apple’s app store. The Defense Department has called for companies and universities to find ways to protect mobile devices from malware. McAfee, Symantec and others are working on solutions, and Lookout, a start-up whose products scan apps for malware and viruses, recently raised funding that valued it at $1 billion.

“The bad guys are getting worse,” Mr. Howard of Norwest said. “Antivirus helps filter down the problem, but the next big security company will be the one that offers a comprehensive solution.”

Genetically Engineered Fish Moves a Step Closer to FDA Approval

- By ANDREW POLLACK - The New York Times - December 21, 2012

Government regulators moved a big step closer on Friday to allowing the first genetically engineered animal — a fast-growing salmon — to enter the nation’s food supply. -- Keeping in mind that there are absolutely NO GOOD Genetically Modified Organism (GMO) CROPS and FOODS!!!

The Food and Drug Administration said it had concluded that the salmon would have “no significant impact” on the environment. The agency also said the salmon was “as safe as food from conventional Atlantic salmon.” While the agency’s draft environmental assessment will be open to public comment for 60 days, it seems likely that the salmon will be approved, though that could still be months away.

The environmental assessment is dated May 4. It is unclear why it took until now for it to be released, but supporters of the salmon say they believe it is because the Obama administration was afraid of an unfavorable consumer reaction before the election in November.  Environmental and consumer groups quickly criticized the federal agency’s conclusions.

“The G.E. salmon has no socially redeeming value,” Andrew Kimbrell, executive director of the Center for Food Safety, a Washington advocacy group opposed to farm biotechnology, said in a statement. “It’s bad for the consumer, bad for the salmon industry and bad for the environment. F.D.A.’s decision is premature and misguided.”

But the decision was long in coming. AquaBounty Technologies, the company that developed the salmon, has been trying to win approval for more than a decade.

“We’re encouraged by this,” Ronald Stotish, the chief executive of AquaBounty, said on Friday. However, he added, “We’re not so foolish as to be wildly enthusiastic” that Friday’s action will definitely lead to approval. Among other things, some members of Congress have tried to block the agency from approving the fish.

The AquAdvantage salmon, as it is called, is an Atlantic salmon that contains a growth hormone gene from the Chinook salmon and a genetic switch from the ocean pout, an eel-like creature. The switch keeps the gene on so that the salmon produces growth hormone year round, rather than only during warm weather. The fish reach market weight in about 18 months instead of three years.

The F.D.A. tentatively concluded in September 2010 that the salmon would be safe to eat and for the environment. A committee of outside advisers, while finding some shortcomings in the analysis, did not contradict those conclusions in general.

The agency then embarked on a more detailed environmental analysis that has now come to the same conclusions.

The main concern addressed was whether the genetically engineered salmon could escape and establish themselves in the wild, with detrimental environmental consequences. The larger salmon, for instance, could conceivably outcompete wild Atlantic salmon for food or mates.

The agency said the chance this would happen was “extremely remote.” It said the salmon would be raised in inland tanks with multiple barriers to escape. Even if some fish did escape, the nearby bodies of water would be too hot or salty for their survival. And reproduction would be unlikely because the fish would be sterilized, though the sterilization technique is not foolproof.

The agency also said that approval of the salmon would have no effect on endangered species, including wild Atlantic salmon. The National Marine Fisheries Service and the Fish and Wildlife Service did not disagree.

AquaBounty produces its eggs at a facility in Prince Edward Island, Canada. The eggs are shipped to the highlands of Panama, where the fish are grown to market weight.

The federal agency said that other facilities for growing the salmon would require separate approvals. It also noted that it did not assess how the salmon would affect the environment in Panama and Canada, only in the United States.

Opponents said that the agency should do a more complete environmental impact statement. They also said that not enough samples were studied to conclude that the fish would be safe to eat.

Scientists and companies working on animal biotechnology had complained that the failure to approve the salmon was discouraging investment in the industry.

An article in Slate earlier this week said the White House had been delaying release of the environmental assessment for political reasons, violating the Obama administration’s pledge to make decisions based on science. The environmental assessment was released soon afterward.

An agency spokesman declined to comment on the delay. He said it was not possible to predict when a final decision on the salmon would be made.

The F.D.A. is likely to take weeks or months to analyze the comments it receives. Even if it then affirms the conclusions released Friday, that would be a decision that a bigger environmental impact statement is not needed. The agency would still have to take a separate step to approve the salmon for introduction into the food supply, although it is thought there are no other important issues outstanding.

Mr. Stotish of AquaBounty said that if the approval came early next year, some salmon could reach American dinner plates late next year. But quantities would be limited by the small capacity in Panama. AquaBounty hopes to sell eggs to other fish farms that would grow larger quantities of salmon, but that is likely to take a few more years.

AquaBounty has argued that the faster growth of its fish makes it feasible to rear them in inland tanks rather than ocean pens, reducing the environmental impact. “That allows us not to disturb the oceans whatsoever,” said Elliot Entis, the founder of AquaBounty.

Mr. Entis, who no longer works for the company, has formed a new company to rear the salmon in the United States.

AquaBounty, which is based in Maynard, Mass., nearly ran out of money waiting for the salmon to be approved.

Kakha Bendukidze, an investor from the nation of Georgia who owned nearly half the company’s stock, sold his holdings in October to Intrexon, an American company. Intrexon, which is offering to buy the rest of AquaBounty, is providing it with a $500,000 loan.

Intrexon is working on synthetic biology, which is sort of a souped-up form of genetic engineering. It is not clear yet how it plans to apply that technology to AquaBounty’s fish.