What do you consider to be the main challenges facing the AV industry over the next 12-18 months?

Protecting Mobile Internet connected devices and also fighting fake anti-virus products or “scareware”. People are now moving beyond the PC and connecting to the Internet from lots of different devices. We already know that these devices can be targets of cybercriminals. Our Norton Everywhere program is designed to offer effective and easy security solutions for mobile devices. Scareware is a clever fraud designed to steal Internet users’ identities and money. The fraudster falsely claims to have found viruses on the user’s computer and then may offer a “security solution.” The “solution” is probably a complete fraud designed only to download more bad things onto the computer and steal the innocent person’s identity. This is a serious problem because it takes advantage of people trying to obtain real security protection on their Internet-connected device.

What will Norton be doing to help address these issues?

In addition to supporting the Norton Everywhere program to secure mobile connected devices, I am also working with law enforcement to create the Norton TRUE Security Coalition. The TRUE Security group will bring together REAL security experts from Norton and law enforcement to help discuss strategies for catching the makers of fake security schemes. We want to educate consumers about the fake security threat and how to identify real security solutions like Norton 360.

How will consumers benefit as a result?

Norton Everywhere is a new approach to mobile security that was designed to create security solutions specifically for mobile devices. Mobile devices have different needs and there are different threats that need to be considered. Norton Everywhere provides security that does not interfere with mobile usage and includes mobile specific solutions like a remote data wipe feature that can prevent personal data from being read if the miobile device is lost. Consumers have the right to be protected by a real security solution, like those offered by Norton. The Norton TRUE Security Coalition is also a first step to stopping the fake security threats like “scareware” and protecting consumers.

Do law enforcement agencies need to be better educated about the risks of cybercrime?

Law enforcement sees the harm caused by cybercrime every day. I know they really care, but sometimes they just don’t have the resources to catch all the bad guys. Cybercrime is especially difficult because the cases are so complex and often require international cooperation. One area that can improve is training law enforcement to investigate cybercrime cases. The facts are clear that cybercrime is real and serious—it’s also different than most other types of crime:

• Cybercrime typically results in large aggregate losses, but small individual losses.
• Many cybercriminals operate outside the victim’s country making prosecution difficult
• Very few cybercriminals are successfully prosecuted.

The global community shares many common interests against cybercriminals and cooperation, not criticism, is the key to success. Law enforcement must effectively combat cybercrime or faith in the criminal justice system is at stake. Good security helps protect consumers in the short term but the long term solution is collaborating with law enforcement to stop the threat. Until we improve law enforcement capability, however, each Internet user must take responsibility for security and not rely on the assumption that law enforcement will protect them on the Internet.

How do you see companies like Norton working with law enforcement officers to help educate consumers about cybercrime?

Norton is discussing training and conference programs that can help drive cybercrime investigations and prosecutions. We are examining ways that we can provide support for cybercrime victims. By teaming with law enforcement, companies like Norton can offer advice to consumers on key safety practices like having good, updated security software installed on their computer and to make sure they also secure their mobile devices. We need to provide a trusted resource for consumers where they can get answers to how to protect themselves online.

Who else do you think should play a role in spreading the message about staying safe online?

There are many great anti-cybercrime non-profit groups. These groups already have close relationships with global law enforcement and are putting the right tools in the hands of investigators and educating consumers. Keeping secure online is an imperative that every Internet user should understand and follow.

What can consumers do to help protect themselves from cybercrime?

Every device that connects to the Internet, including smartphones and tablet computers needs good security to stay safe. Individual users need to protect themselves with strong security software. Because it is extremely difficult for law enforcement to pursue cybercrime cases, it’s critical that consumers keep updated security software installed and exercise caution online.

If you missed it, you can catch up with the first part of this Interview with Adam Palmer here.

Adam has authored several articles on cybersecurity issues. He has taught cybercrime related courses at Washington & Lee Law School and The University of Mississippi Law School and has been a guest lecturer on cybercrime at Georgetown Law School. In 2009 Adam was a finalist for the Washington DC Association of Corporate Counsel “Outstanding Corporate Counsel” award and he was selected the U.S. Navy “Howell” Award Winner as a top JAG Reservist Attorney for his work teaching cybercrime prosecution.

Can you tell me about your role in the US Navy and any particular cybercrime cases in the UK/Europe that you worked on?

Cybercrime is a global problem requiring international cooperation. When I was a prosecutor, UK law enforcement was a tremendous help in my cases. In one case in particular, I was grateful for the assistance of two UK police officers who flew to the United States to serve as witnesses at trial. Their assistance was invaluable to the success of obtaining a conviction. During my most recent job I worked as policy counsel for .ORG, the third largest Internet domain and designed their security program. It was during this time that I often worked closely with the operators of .UK, Nominet. Nominet provided assistance helping me understand cybercrime issues and leadership establishing industry groups to fight cybercrime. I have also worked as a representative to a major European Internet industry group called CENTR. CENTR members really care about security. I was always impressed that although this was an EU group, that members allowed me to participate and learn from their meetings. Everyone understands we are fighting an enemy that ignores national borders and victimises citizens on every continent. My experience fighting cybercrime has been a rewarding opportunity to work with really smart, good, people around the world. Everyone is working toward the common goal of trying to protect the Internet and its users.

How has your previous job helped to prepare you for the work you’re now doing at Norton?

I have served as a cybercrime prosecutor, taught cybercrime law, and worked closely with anti-cybercrime non-profit groups for over 10 years. I have seen the harm cybercrime can cause and I know how hard it is for law enforcement to successfully catch and prosecute cyber criminals. I am now lending my experience to work with global law enforcement to advance the fight against cybercrime and put handcuffs on the bad guys. I love technology and want to protect consumers who use the Internet. I know what consumers are up against. Hopefully I can raise awareness about cybercrime so we can keep people safe and help them to continue to enjoy the Internet safely.

What are you currently working on at Norton?

I am working on new strategies to raise consumer awareness of cybercrime. The Norton Cybercrime Report: The Human Impact revealed that 65 percent of all Internet users have been victims of cybercrime. This is unacceptable. Many of the digital dangers consumer face can be prevented by good security software and safe online practices. I am also meeting with global law enforcement and industry leaders to learn more about how we can support their efforts to stop cybercriminals.

Please join us on Thursday for part two of this chat with Adam.

This is all very encouraging, if you are in the top tier of countries. However, during the third quarter, 103 of the 226 countries measured had average connection speeds below 1 Mbps. The slowest connection speed? Well, the ignominy of that particular title goes to the island of Mayotte, located in the Indian Ocean, with an average connection speed of 43Kps, however, I am sure given its wonderful location there are other merits.

Interestingly, the report is now going to turn its attention to mobile internet connection speeds. Akamai analysed the average connection speeds from three of the leading mobile providers within the United States. They observed speeds of circa 700 Kbps.  However, there seems to have been a lot of variability between the carriers and also in what city you are in. I am sure that this rings true with many of us.

A faster internet brings with it more users and also the ability to do more things online. It also provides more opportunity for the hackers and cyber-criminals. In a shift from prior quarters, Russia and Brazil unseated the United States and China as the two largest attack traffic sources. Cyber attacks are now a global phenomena, with Akamai observing attack traffic originating from 207 unique countries. They also noted that they believe that Conficker worm is still very active.  During the third quarter, 78 percent of internet attacks observed by Akamai targeted port 445, up from 68 percent during the previous quarter. Port 445, which is used by Microsoft Directory Services, is the same port that Conficker targets, aiming to exploit a buffer overflow vulnerability in Windows and infect the targeted computer.

For those of you who are interested, ‘Guan yersel’ is some Glasgow patter and it is our version of, ‘Go on yourself’. Now, all I need to do is tell my wife that the holiday is off!

The current generation of spy-phone software has one major drawback and that is that you need to have access to the phone you want to tap to load the software onto it. That being said the Newsweek article goes onto outline that a new generation of mobile spyware that is being developed for law enforcement agencies will accompany a text message and automatically itself on the targets phone when the message is opened. The supposition being that the same technology could also make its way into the hands of criminals.

The article finishes off claiming that AV and security programs developed for computers require too much processing power, even for smartphones.  At the end of the day, the spy-phone software is just software, just as is the security software that can detect it and mitigate the risk. So I do not sign up for their presumption that smartphones are exposed. We are seeing the evolution and deployment of security software for smartphones.  There is a saying in our industry – ‘security through obscurity’. By and large, it can be seen to be a truism. At the moment, with smartphones this can also be seen. Given the number of mobile operating systems that are being used e.g. iPhone OS, Palm Web OS, Android, Windows Mobile, Symbian etc, it neatly segments the addressable market into smaller chunks that may diminish the attractiveness of any segment to the malware author. It may simply be a moment in time, but no doubt many would like it to hold for as long as possible. Thankfully, in term of actual numbers, the volume of malware for smartphones and applications such as spy-phone software is dwarfed by that created for the PC.  However, it is one area that needs to be taken seriously and a careful eye kept on it.

What is clear is that the Underground economy is becoming more sophisticated. We are seeing both the selling of ill-gotten goods and requests for assistance e.g. ‘I need someone to write me a Trojan’, ‘I need a bot-herd’ etc.  If everything we detected was sold at the asking prices requested, then the total comes to $275M.  This is a large sum. Now, that being said, if you look at the amount of money traded through legitimate on-line resellers, then this runs to the many hundreds of billions of dollars. So, the ‘legitimate economy’ wins out against the ‘underground economy’. What this research reminds all of us, is that we do need to be careful. In taking some sensible and simple precautions we can ensure that our identities and finances do not come to be traded in the underground economy.  We have created a short video, the latest in our series of ‘guides to scary internet stuff’, specifically on the underground economy.

Research, such as this, helps Symantec. It provides us with an insight as to what the bad-guys are interested in, how they get it, what they do with it etc. In turn, that helps us focus our efforts in designing our security products to mitigate this. Additionally, it also reminds the bad-guys that they are being watched, tracked, and that they cannot count on having things all their own way.

Now, Trend’s announcement further highlights the understood requirement within the security industry for a new testing methodologies. We need approaches that will better reflect the complex and dynamic nature of the threats that anti-malware products are trying to counter. Notably, the Anti Malware Testing Standards Organisation (AMTSO), has been created to address this.

Whilst, we can all debate the relative merits of the current tests, Virus Bulletin themselves did comment that their test is not the only way to test anti-malware products, but products should be able to detect items in circulation. Furthermore, VB-100 is a measure of product competence and on-going reliability.

So, we all have to live in an ‘imperfect’ world of testing and expect for better days ahead. I am hopeful that the AMTSO initiative will deliver. But I think it is much better to stay the course – rather than decide to wander off.

Casting our minds back to June 2007, we reported that nearly 70% of all email sent was Spam. This was an alarming,  and at the same time, interesting trend.  One of the new tricks that helped fuel the increase was the use of, so called, PDF-Spam.  Here, the spammers had attached the spam message as a PDF file to help circumvent spam-filters.  New countermeasures were brought into place and PDF spam came and went.

Well, here in June 2008, the amount of spam is an incredible 80% of all emails. What gives?

 This is testament to the on-going determination and inventiveness of the spammers. Now, one thing I have noted in my own personal email account is the amount of ‘credit’ related emails that have flowed into my spam folder. They all follow a similar pattern: I have been ‘pre-cleared’ for a loan, or, ‘Get out of the red’ instant credit available to me.  The further twist is that you get them in week 2 or 3 of the month, on the basis that is when we are getting low on cash and waiting for the next pay day. So, the spammers have piggy-backed on the back of the ‘credit-crunch’ and hence the continued and unparalleled levels.  We see this constant ‘see-sawing’ from them using either technically or socially related means to keep pumping out the flood of spam.

Even the ‘credit crunch’ is old news now, we are seeing them switching to spams that focus on the fuel crises, with promises of discounted or free petrol diesel, gas, electricity. For those of you who want to read the full ‘State of Spam’ report for June 2008, follow this link. http://www.symantec.com/business/theme.jsp?themeid=state_of_spam

‘Zero Day Threat’, by Byron Acohido and Jon Swartz (www.sterlingpublishing.com), provides a further insight into the developing world of crimeware.  The authors are journalists with USA Today and they neatly manage to intertwine a narrative of a real-life ‘bust’ of an author of crimeware in Canada, whilst outlining the failures of Banks and Credit Bureaus to keep people save from crimeware.  It provides a good and thought provoking overview of what is and potentially could happen, without descending into the realms of deep technical analysis.