It pays to be paranoid, says Enrique Salem, CEO of worldwide computer-security powerhouse Symantec.
"They" really are out to get you!
"Once, hackers were happy to develop a virus that would get onto user's computers and either cause problems or just announce their presence," he said in an exclusive interview with The Jerusalem Post during a recent computer-security seminar Symantec held in Israel. "Spyware was very generic before, and the hackers were happy to catch anyone in their snare. That's changed, though; now, the hackers are interested in you and your information."
Symantec, for those who don't know, is the world's largest computer-security software publisher, best known for its Norton suite of antivirus and security programs. Salem has been involved in Symantec in one capacity or another for nearly the past two decades, so if there's anyone on "our side" who knows how hackers think, it's him.
And what he has to report doesn't bode well.
"Instead of putting a destructive virus on your computer, hackers are more likely to try and grab your data," Salem says. "Once, hackers were trying to get their wares on as many PCs as possible, but today they are more selective. About 90 percent of attacks now are attempts to seek information, such as your credit-card number."
Instead of a destructive virus, hackers are more likely to send you something like a key-tracker: a program that will keep track of all the keystrokes you enter into your computer. The program sends all your keystrokes back to the "mother ship," where the hackers run analysis tools looking for the "golden number": the string of digits that is your credit card.
Even if they don't get your financial information, you're still important to hackers; your name, address and any other identifying information is worth money on the open market (at least $10 or $20, Salem says). Hackers snatch your identity and then sell them online to criminal syndicates, who then use your name to get their own credit card, courtesy of you. You, of course, know nothing of this, until the day you apply for a loan and discover that you've been rejected because you owe tens of thousands to Visa or Mastercard.
Who would be dumb enough to fall for such scams? You, me and everyone we know, says Salem.
"The days of general, poorly written messages that look like a bad translation from some foreign language are over," he says. "Hackers seeking your data will send you messages that you are much more likely to respond to." For example: Most of us are probably knowledgeable enough not to click on links that claim that our bank account has been suspended, even if we happen to have an account in that bank.
But what about this: A hacker reads that your company is up for merger with another company. Trolling their database, they search out all the names of people whom they've identified as working for your company and send them a specific message that seems to concern the merger. You'd be likely to open a message like that and click on a link, Salem says. And many do.
As a result, he says, a new paradigm is needed to fight today's good fight - and Symantec has the weapons you need. Until now, most antivirus programs have checked programs and downloads for specific virus-y patterns in their code, or their signature. The problem with signature-based detection, says Salem, is that if an antivirus program doesn't have the hacked program's signature, or cannot figure out the pattern in advance (a tactic known as heuristics), the bad code will get through. While that might have worked once - and still does, in many cases - the hackers have gotten sophisticated enough to beat traditional antivirus programs.
Instead, the newest edition of Norton's protection suite takes a different
approach. Drawing on the "wisdom of crowds," the program doesn't look at signatures but at reputations; any program used by many others that has proven to be reliable and bug-free makes it onto the list and onto a computer protected by the product (known as Norton Internet Security).
Safe applications exhibit common attributes, such as having a known origin produced by known publishers. Conversely, new malware may have an unknown publisher, among other attributes. Using the data, a "reputation score" is calculated and can be used to infer the likelihood of an unknown application being safe or malicious. Users are invited to update the database, informing Symantec of whether the programs they're running are righteous or rogue.
There are various versions of Norton Internet security, for consumers, small business and large enterprise. But the bottom line, says Salem, is that Symantec knows security. While he acknowledges that there is plenty of competition out there - some of it in the form of free downloads - none come close to providing the protection Symantec can.
"We have the largest network of users, and anyone who works on the Internet is going to want as much protection as possible these days," he says. "We see a third of the world's e-mail in our filters, and we have over 2 million probes out there seeking out the bad guys."
It's those odds, says Salem, that gives him confidence - or at least hope - that you, I and all the other innocent "Internet civilians" have a fighting chance of surviving our online experience intact.