Archive for the ‘Uncategorized’ Category

Will the McAfee/Intel combination reshape the security sector?

August 19th, 2010

Dave DeWalt states in his blog post on the Intel / McAfee transaction that this announcement is “great news to the security industry and the future of the Internet”. Time will tell if the acquisition is good news or not for McAfee and Intel’s users, partners, employees and shareholders; but I agree that it is clearly elevating the importance of IT security to new heights within the computing industry. This by itself is great news. As we have been saying all along, security has to be a pillar in next generation computing.

For all of us in the security industry, that need has always been obvious, especially as the curve at which we depend on technology is consistent with the rate at which the bad guys take advantage of it to their benefit.  For the broader technology industry this has not always been the case.  All too many devices and software applications are still built without fully analyzing the security implications.

We have seen improvements lately, but there is still a lot of work to be done. The growth we have seen in the web and the myriad devices that count on Internet connectivity have further fueled the explosion of malware and cybercrime in general.  This requires that all involved - hardware manufacturers, software vendors and users - understand that security is a fundamental pillar of the next generation of computing in any platform.  This transaction underscores this trend and is a call to action for all players involved to stay focused.

In terms of the financial rationale for the deal, there has already been a lot written and many experts are questioning the potential benefits, likely execution and implications for business and consumer users. Here’s a small sampling of some of the more thoughtful commentary from Forrester, Forbes, and others thus far:

My take on the business side of the equation is that the new McAfee will be run pretty much as it is today, although from within a larger and not so software-knowledgeable organization, which for sure will raise questions and concerns for existing McAfee customers.

From a technology perspective, McAfee’s cloud technology has surely been a key area of interest for Intel; as we know well, cloud detection has major benefits for hardware components if technology is available to the manufacturer. My prediction is that a longer term focus will be around developing hardware-enhanced security that will enable better protection for consumers, governments and businesses, raising concerns among the industry and regulators. Both industry and regulators will need to monitor any steps that may prevent users from getting the best security due to anti-trust related issues.

In the end though, as with any M&A transaction, user/shareholder value creation will depend on the integration’s execution and Intel’s ability to retain the key talent at McAfee. One question that I’m not willing to wager on just yet is what will Intel do with McAfee’s consumer business? If they keep it, what is the strategy around it? And can they better execute against the clear threats that the business unit faces?

My last thought goes to why McAfee is selling now. Although Dave and his team have executed impressively over the years, market expectations were higher and that is reflected in the share price performance. I think McAfee was finding it increasingly tough to compete with Symantec on the high-end large accounts. In addition, McAfee faces very tough competition from companies with disruptive business models that are focused on the SMB/consumer. This has put a lot of McAfee’s operating income at risk, as evidenced by Panda’s early success with Cloud Antivirus, for example.

Uncategorized

The security market share according to Oesisok

August 16th, 2010

Oesisok, the independent international software certification institution, published its Worldwide Antivirus Market Share Report just a few days ago. This study analyzes the security solutions installed or used by 50 million computers around the world, the vast majority in the United States.

Even though the sample of the study is not clearly specified, the software found seems to indicate that it was home users (most applications being either free or retail solutions). The data gathered offers a view of the current consumer solution market, or at least gives an idea of each vendor’s market share.

I’d like to highlight the fact that 50% of the antivirus applications used belong to European vendors, whereas only 30% are American brands. This is very significant, especially if you consider that most computers in the report were based in the US.

Also, the freemium model (already covered on this blog) is a very valid option: 42% of all PCs had a free application installed. Actually, vendors offering free antivirus applications capture 40% of the market share.

Given that Panda is the only company with a traditional business model that has released a free antivirus to the market (and I don’t mean a promo version of our products with free services for a certain period of time, something we all do), I wonder what criteria have been applied to classify Panda…

In any event I am very pleased to see we occupy a very good position in the report. Actually, our market share is substantially larger, as the study does not contemplate antivirus solutions installed in companies.

We hope our colleagues at Oesisok repeat this study in the next few months so that we can also analyze the market trend, especially at the end of the year, when we all launch the new versions of our products for home users.

New data about the cost of cyber-crime

August 9th, 2010

On numerous occasions you have asked us about the real cost of cyber-crime. As you may know, this is almost impossible to quantify, not only in the case of companies but also in the case of home users. However, in order to realize the real dimension of the problem it is enough to read reports like the one recently published by the Ponemon Institute, which analyzes the security of 45 US companies of various sizes (from small companies to large corporations).

According to this study, malware costs a firm on average $3.8 million a year. More specifically, the cost of cyber-crime ranges from $1 million to $52 million per year per company depending on the size of the business. The analysis attempts to capture the direct and indirect costs of cyber-crime, including information theft and productivity losses due to malware infections, attacks or visits to unsafe websites.

The report draws some interesting conclusions:

  • The companies in the study have experienced at least 50 successful malware attacks.
  • 90% of cyber-crime costs are due to Web attacks caused by malicious code, hackers or intruders.
  • It takes companies an average of 14 days to neutralize a cyber-attack (average cost: 17,000 dollars per day). In the case of attacks carried out by hackers or intruders, it takes more than 42 days on average to neutralize them.
  • Information theft accounts for the majority of financial losses (42%), followed by the disruption of business operations or productivity losses (22%).
  • Detecting the problem and restoring systems and information accounts for 46% of internal activity.
  • Cyber-crime affects all types of industries equally, despite the fact that costs arising from cyber-attacks are higher in the case of areas such as defense, energy and financial services.

Evidently you must bear in mind that not all companies are aware of the problems they experience due to malware, as most of these attacks are designed to go unnoticed. Such is the case, for example, with botnets, which rank sixth in terms of financial impact, and whose number of zombie computers is increasing every day.

You know that we have been talking for some time about the cyber-crime model behind the current malware dynamic. The ‘bad guys’ are organizing themselves into mafias trying to profit from their creations in numerous ways: by renting out or selling networks comprising millions of zombie computers to spread malware or steal data; by selling confidential information on the black market; by directly stealing money from bank accounts or credit cards, etc… There are plenty of cyber-crime business models, all of them aimed at making money fraudulently.

I hope there continue to be arrests like those of the Butterfly botnet mastermind or the cyber-criminals operating it from Spain (Mariposa). These will set an example and stress the idea that no cyber-criminal can escape unpunished.

We want your feedback

July 30th, 2010

As I have already explained on some other occasion, at Panda we are making a significant effort to ‘listen to’ the market. This means actually having a more direct contact with you, the user community. Along these lines I have created an email address for you to contact me directly and send me your feedback about Panda’s solutions. I am very interested in knowing what you like, what you don’t like and any other suggestions you might have to help us develop solutions more suited to your needs.

The email address is: feedbackCEO[at]pandasecurity.com.

This initiative doesn’t intend to replace, but rather complement other ways to contact the company. Therefore, I’d like to ask you to keep using the usual contact channels for issues regarding analysts, the media, tech support, etc.

In order to encourage you to send us your feedback on our most recent solution, Panda Cloud Antivirus, the first 25 people that contact me with their opinion or any suggestion about the product will get a free license of Panda Cloud Antivirus PRO.

The Mariposa saga goes on

July 29th, 2010

Last March 3, as I have already explained on this blog, Panda Security together with Defence Intelligence, the Spanish Guardia Civil, the FBI and other international institutions collaborated to bring down the largest botnet ever reported in an operation called ‘Mariposa’. This joint effort not only resulted in the dismantling of the botnet and retrieval of a considerable amount of compromised data from private and public organizations, home users, government bodies and universities from over 190 countries, but also led to the arrest of the criminal network’s alleged administrators. So far, nothing new; but…

We knew, however, that they hadn’t developed the software that allowed them to build their network. They had purchased the original bot from a website, and had configured it to suit their own purposes without really having much computer knowledge. During the investigation, and thanks to the information collected from the botnet itself as well as the material seized from the defendants, a lot of information was obtained indicating the relationships between them and other cyber-criminals. Among them there was the author of the software that they used to create the bot, the so-called Butterfly Kit. This information has let the Slovenian authorities arrest ‘Iserdo’, the 23-year-old hacker that developed the malware creation software.

The Butterfly Kit original software is behind Mariposa and many other botnets. As far as we know –bear in mind that the investigation is still under way– the kit was sold online for between 500 and 1,000 per unit. This software was designed to make cyber-crooks’ lives a lot easier, as it was very simple to configure and manage. This is clearly shown by the fact that the three cyber-criminals arrested in Spain had limited computer skills.

We estimate that the Butterfly Kit has been used to create almost 10,000 unique pieces of malicious software and over 700 botnets. Mariposa was just one of the hundreds of botnets created with it, and just one malware strain allowed its administrators to infect almost 13 million computers all over the world. So far, we are not sure about the dimensions of the other uncovered botnets, but the total number of affected computers could be alarming.

There is no doubt that this joint effort provides a great example of how to fight cyber-crime: in a coordinated manner; bringing together synergies and the knowledge of the different security industry players and public bodies; pushing for appropriate legislation and punishment; and sharing the necessary information and training for the different working groups –like the Mariposa Working Group– to develop prevention technologies and research strategies to arrest, prosecute, and sentence criminals effectively.

In this case, after a long investigation (we have been collaborating in the botnet shutdown for almost two years now), we have been able to track down the mastermind behind the cyber-criminal group. There is no need for me to say how proud we are of having been involved in such a successful operation from the start. As Jeffrey Troy, Deputy Assistant Director for the FBI’s cyber division says, “As opposed to arresting the guy who broke into your home, we’ve arrested the guy that gave him the crowbar, the map, and the best houses in the neighborhood. And that is a huge break in the investigation of cyber crimes.”

The fight against cyber-crime is still a priority for all of us. From Panda Security we will continue participating in investigation projects, taking as an example the excellent work done by all parties involved in the Mariposa case. And we’ll do it not only privately, but also as members of various associations, working groups and organizations (like www.cnccs.es) whose common goal is to improve Internet security for everyone.

When probability becomes reality

July 28th, 2010

A new 0-day vulnerability has recently been discovered in Windows (even though it is not strictly speaking a vulnerability, but a feature of the operating system) which allows unauthorized execution of files through the desktop shortcut icons. Our laboratory urges users to apply the small application released by Microsoft as a workaround until the definitive patch is developed (despite its side effects).

Besides the clear threat that this issue might represent should a cyber-crook develop specific malware to exploit this feature massively (in which case we can expect some weeks of high-activity…), it turns out that somebody had already realized this possibility of infection and had already developed and distributed a malware specimen specifically designed to affect SCADA systems.

SCADA systems –for those not familiar with the term– are normally used to control public services like electricity, water, as well as other large-scale industries and infrastructures related to the stability and functioning of countries, such as nuclear plants.

Since we started the National Cyber-Security Advisory Council (www.cnccs.es) in May 2009, one of the initiatives we have most strongly pushed for is the need to tighten up security in critical infrastructures. When we talk about this, people usually react as if these arguments actually belong to the script of the latest Hollywood summer blockbuster rather than a real danger.

We always argue that it is not that these threats are not real, but they -fortunately enough- have not yet been exploited… Even though we don’t have to go too far back in time to find news about potential cyber-attacks between countries.

Now, this malware strain is capable of silently infecting a user simply by sharing a memory device, and letting cyber-crooks, cyber-activists or even cyber-terrorists take control of any of the aforementioned infrastructures.

You must also bear in mind that these infrastructures are considered more vulnerable. Why? For a number of reasons:

- SCADA systems connect and communicate over the Internet.

- All sectors are increasingly dependent on information and communication technologies.

- The “bad guys” are gradually gaining more access to tools and networks that let them conduct this type of attack.

Add to this the existence of vulnerabilities or features that make their job easier and you will have the perfect ingredients for a devastating attack.

What is clear is that what once seemed to be a science-fiction scenario is now seen as a real threat (even though this danger existed in the past…). We hope these types of attacks take a long time to arrive… And we are truly prepared to neutralize them should they eventually occur.

Kids on the Web

June 16th, 2010

Over the last few days we have been presenting in Spain the results of a survey we carried out from January to May asking parents (with children up to 18 years old) and teenagers-youngsters (up to 20 years old) about their Internet browsing habits. This study is part of a campaign we have been carrying out in various countries over the last two years.

Once again, and despite the awareness and education campaigns conducted by security companies and other entities, the study has revealed some surprising facts:

  • 1 in 3 teenagers has met a stranger on the Internet, even though 30% consider it dangerous.
  • 99% of young people in the survey use some social networking site or some kind of direct communication system on the Internet. Only 47% of parents are aware that their children visit these websites, and in many cases they don’t know exactly which ones they are or what their children’s profiles are.
  • There is a general sense of security among parents (72% of them claim to know how to stay protected) and children (83% of them say they feel safe on the Web). Only 44% of children in the survey say they have received information about how to use the Internet safely. This contradicts parents’ responses, as 79% of them say they have discussed Internet security issues with their children.
  • Parents and children agree that the Internet’s greatest dangers are contact from strangers, followed by viruses and data theft.

Even though some months have passed since we released these videos, they are still perfectly valid to illustrate the reality we are facing: http://vimeo.com/3721066 and http://vimeo.com/3722519

The debate is mainly focused on the way social networking sites are used, and their risks. In my opinion it is a mistake to think of the Internet as something “evil”. The Internet is a fantastic tool that opens up a world of possibilities, and as such there is no doubt that it will gradually become a more extensive part of our lives. Nevertheless it is important to take some basic precautions when using it. Social networking sites are fun and a great way of socializing and staying in touch with people. However, we cannot ignore the fact that they can also pose a series of threats:

  • Risks and threats to data privacy and integrity. This greatly depends on the security awareness and education of minors (and adults as well).
  • Security flaws: The hackers’ favorite target to spread their creations and to attack databases and exploit platform vulnerabilities to get private data and take advantage of it.
  • Identity theft.
  • Sometimes we forget the fact that we are actually exposing our private lives on the Web: personal information revealed, online or offline targeted attacks (e.g. FourSquare) or theft of data for distribution (e.g. pictures of celebrities that sometimes end up in the media).

As security awareness increases the situation will improve. From Panda and all the security forums we participate in we will keep asking for collaboration from both private and public institutions to inform about the risks (and benefits) of these tools. 

Luckily, the new generations are growing up “digital”. They have made the use of computers part of their everyday lives so it shouldn’t be difficult to incorporate computer security issues into their learning processes. It is just a question of all parties involved –parents, teachers, companies and public institutions– taking the issue seriously. It is worth it for them… and for us who are responsible for their education and protection.

The paradox continues: Free antivirus solutions in a world with costs (and with much more malware)

June 3rd, 2010

Just over a year ago, coinciding with the launch of the first Beta version of Panda Cloud Antivirus, I wrote a post about the freemium business model. This launch had a major impact on the market, largely because, in addition to being the first cloud-based antivirus, Panda Security was a company with a traditional business model ‘daring’ to offer a free solution.

Back then I explained the reasoning behind our ‘Free’ strategy.  And one year on, what was then just a theory, has become a reality, and our decision to go with this solution has helped us in many ways:

a) Our brand recognition has increased considerably, thanks to the launch of a pioneering and revolutionary product which, in addition, is free.

b) We have a large user community taking advantage of our product, who increasingly help to improve it and prescribe it to others.

c) Thanks to this strategy, Collective Intelligence, our automatic system for detecting, scanning and disinfecting new malware, has benefited enormously. It now receives more knowledge from an enlarged user community, and this in turn has positive repercussions for the protection delivered to clients and users of other Panda solutions.

I also said at the time that such a model is only sustainable if there is a monetization strategy behind it, albeit one in which the return on investment is over a longer term. Now is the time to take the next step. We are now immersed in the launch of Panda Cloud Antivirus Pro, a pay version that will allow us to continue advancing our strategy of providing free security for all users who want it, as well as offering additional functionality for those who want to buy the Pro version.  

A year ago we were convinced that the sector would evolve in this direction. And now the data confirms this: Morgan Stanley has recently published a report indicating, on the basis of a study carried out in the United States, that 46% of home users use free security solutions (and an additional 13% intend to “switch to free” when their license expires in the coming months). 

IT security is evolving rapidly and this evolution will affect the entire sector.  At a time when it is more critical than ever to be protected against malware, it is paradoxical to see how this protection can now be obtained for free… this is good news for users and explains the success of solutions such as Panda Cloud Antivirus.

Mac as a means of distributing malware

May 26th, 2010

On several occasions I have spoken on this blog and in interviews about our take on IT threats for Mac. There is a widely held view that Mac users are in no danger, as viruses are only designed for Windows platforms and because the Mac operating system is more secure than Windows. The truth is that there are viruses that operate in Mac environments. The difference lies in the amount of malware circulating in comparison with threats designed for Windows. The explanation is simple: If you are a cyber-crook trying to profit from your activity and you want to infect as many victims as possible, what is the ideal target? A platform with 100 million users or one with 1000 million? The answer is obvious.

I’m also convinced that as the number of Mac users increases and as it reaches a significant market share, hackers will begin to find an inviting breeding ground for distributing their infections. I would go so far as to say that they will find victims unprepared, precisely thanks to the false sense of security that Mac users have. Therefore, when this happens, the situation could well bring back memories of some of the notorious epidemics such as Nimda or Sircam.  And regardless of any presumed absence of viruses, Mac users are just as vulnerable to spam and phishing.

In any event, it is important to underline that although there may be less malware designed specifically for Mac, and the chances of infection may be lower, this has no bearing on whether Mac users are contributing (knowingly or unknowingly) to the propagation of IT threats.  Perhaps unwittingly, many of them will be infecting Windows users connected across various channels (email, social networks, etc.). We should also bear in mind that Mac users often have Windows installed on separate partitions, or distributions that allow them to share files with Windows, and that it is practically essential to have an antivirus installed on these partitions.

In our business, we would say this is another infection vector. There are a couple of scenarios that illustrate well the reality of malware distribution in these environments: the exchange of information via USB devices (pen drives, hard disks, cell phones…) which are connected to both Mac and Windows systems, on the one hand, and on the other, Mac codecs, which are becoming a popular trend for hiding malware. These situations are just an example, but if we stop to think, there are many cases where using a Mac platform without protection is a risk for the users themselves and for others that come into contact with them.

Finally, regarding the myth that the Apple operating system is more secure than Windows… we’ll talk about that another day :-)

The engine of innovation

May 19th, 2010

Traditionally, at Panda Security our technological innovation has set us apart from our competitors and has been the cornerstone for our competitiveness. Throughout our 20-year history, we have reinvested 30% of our turnover in innovation, and this has made us a company that commands wide respect among users, the industry, analysts, opinion leaders, etc.

It’s no easy task to base the culture of a company on radical innovation, as it requires having a series of determining factors in place in the corporate environment, or, if they don’t exist, creating the necessary framework. Such experiences vary in line with the country in which the company operates: In countries where there is a strong technological tradition along with governmental understanding and support for innovation, any company that undertakes these activities with intelligence will probably be successful. In countries without such a technological tradition (as is the case in Spain), this task can become more complex, although, as demonstrated by Panda, it is still possible to succeed.

The human assets of a company represent the cornerstone for successful innovation. They must be fully committed to the project and have the initiative required to drive the engine of innovation. To support this, the country where these types of activities are developed should, in my opinion, have policies that incentivize capital investment in several ways:

- On the one hand, favoring capital investment so companies have sufficient financial capacity and muscle: policies incentivizing investment -not just towards the raising of ‘national’ capital, but also attracting international investment.

- A fiscal framework that makes it possible to attract talent from outside and adopt competitive stock option policies, special fiscal conditions, etc.  In our case, security is a specialized niche market, and it is not always easy to find people who fit the profile we need to perform this type of work.  It is important we have a framework that is competitive with other markets in this respect.

- Thirdly, also as an engine of innovation, we need to create an environment where future generations are suitably trained and competitive within our own country, driving research and development with measures, grants and specific training programs, with a dual purpose: on the one hand generating wealth through the creation of talent in the country itself, and on the other, preventing a brain drain by enabling this talent to flower in its own country.

These policies would help contribute to the success of entrepreneurs in any country, yet they can never replace the key to success of any entrepreneur: having an innovative idea and executing it effectively in the right-sized market. They can’t replace it, but they offer significant help.

In many countries in southern Europe, we still have a long way to go, and our governments seem to be focused more on short-term policies -with one eye on their own personal horizons (the four-year term in office…)- than on defining policies and structural reforms that would guarantee the competitiveness of our markets and companies in the long-term…
