Panda Security Insight

One of the bonuses for us at Panda Security of organizing the Security Blogger Summit is that we get the chance to interact a lot with the panelist during their stay in Madrid. Having lunch at Botin has become a tradition.   Botin is acknowledged as the oldest restaurant in the world as it was founded in 1725.  Being a technology company, taking our panelist to such a place makes a nice contrast.

On Thursday we had a very interesting lunch with some of the panelists, including Brian Krebs, Joseph Menn, Kurt Wismer, Marc Cortes, Yago Jesus, Javier Sanz.  As always, food was great.  In addition we had time to discuss various  hot topics on security.

I was most surprised about a statement by Joseph:  some of the largest cybercrime gangs out there are protected by some of the largest governments in the world.  He has recently published a book which is very interesting to read on the topic.  Most at lunch agreed with the statement and with the fact that neither governments nor police organizations or judges do much against cybercrime and that it is not really at the top of the agenda.  When I asked why, they all responded that the reason is basically that Governments don’t really understand how big the problem is and neither police or judges have the tools, jurisdiction or desire to make it a priority given that they don’t understand much about the problem.  As they later said in the Summit, for cyber security to become a priority for Governments “someone would have to die so that it becomes a social problem” … as Joseph said, we are not far away from that anyway.

I have been saying for a long time that the cost of doing nothing is far larger than taking action and I normally use the analogy with tobacco.  At a given point in time, governments worldwide realized that, in addition to killing large portions of their population, tobacco had a big economic impact: absenteeism, cost to the National Health Systems, etc.  Only then they took action.  It took them years … Lets learn from our mistakes.

Technology is an integral part of our lives already and it will only grow in importance.  Ignoring cyber security is a recipe for disaster.  It is not just asking people to use a security solution, it is making them aware of the threats and have privacy in mind when using today’s tools and social media services, it is protecting critical infrastructure, it is legislating, chasing and punishing those that benefit from cybercrime, it is teaching kids at school how to use technology safely and responsively, etc.

Users are not only not aware of the dangers, but living under the perception that the digital world is secure, and as we know, that is not the case.  Let me finish with a real life example: before giving a training at a public school on cyber security a friend asked for the names of those in the class he was going to speak.  For one week, and using only social media sites, he “investigated” all in the class.  The day he spoke in front of the class, he began telling the kids where they had spent their weekend, the home addresses and telephone numbers, and many other many personal details about most of them. The kids were shocked and wondered how he had found all the information.  Now that he had caught their attention, my friend went on to explain that one should be wary of who invites you as a friend in a social site and simple things like how to establish adequate privacy settings on social sites like Facebook or Tuenti … which was the only mean he had used to get all that information.

If we can’t find any other good enough reason, at least we need to bring cyber security to the front page of the newspapers … for the sake of our kids.  They are at risk and they don’t even know it.

Tweet This Post 

Uncategorized

This week our PR department issued a press release compiling some of the awards and recognitions that we have obtained this year. I wanted to thank all of you that have made this possible: to begin, thanks to the Panda team in all the 56 countries where we are present, but also a very special thanks to all the media, bloggers, testers, institutions, customers and all users of our products. You all help us improve every day!

We are very proud about the progress that we have done in 2009 in bringing our “20-years-old start-up” (as we like to call it) to the next level and look forward to 2010 to continue working with you.

Before ending, let me share with you that on Friday we learnt that we have been nominated for the Financial Times-ArcelorMittal Boldness in Business award, within the category of “Newcomer”. We are delighted to share the nomination with an impressive list of companies (Twitter, Spotify, Zopa and Synthetic Genomics are the other four candidates in this category). The winner will be announced at the end of February in London.

I am convinced that the strategic shift that we have taken by taking advantage of our very advanced cloud security technology and how it has been applied to our consumer and corporate solutions (www.cloudantivirus.com and cloudprotection.pandasecurity.com) has played a key role in our nomination. And we are delighted about it … it will allow us to get our solutions known by a even wider audience. Thanks again.

Tweet This Post 

Uncategorized

At this time of year, security companies usually try to predict what will happen during the coming year. Here are my ‘predictions’ (which are also those of our anti-malware laboratory, of course :-)).

The cloud is here. Many of us already use it, probably without realizing. Who doesn’t use Hotmail or Gmail to check email and Flicker to store photos? Cloud-based services are not only limited to storage, but also to data processing. This is a tool that can save companies considerable investment, and as such it is becoming increasingly popular. In the security area, the market is constantly evolving towards real-time, cloud-based protection. In 2009, Panda has already launched the first security products based exclusively in the cloud…

Malware. Unfortunately, the amount of malware will not decrease in 2010. On the contrary, it will continue increasing exponentially. Due to the greater efficiency and speed provided by cloud-based technologies, malware creators will probably create more samples to evade detection and removal. The purpose, however, will not change: infections will continue to be geared towards financial profit. Consequently, fake antiviruses (rogueware), bots and banker Trojans will still rule the roost.

Social engineering techniques will continue to be popular among the criminal fraternity, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages. In the case of social networks, we have seen numerous examples of worms and Trojans affecting Twitter, Facebook, etc. Malware-creators tend to go where large numbers of users are. These platforms will therefore be one of the main targets.

Windows 7… How will Windows 7 affect malware development? Considerably, we believe, given the warm welcome that the market has given to this operating system. As practically all new computers are coming with Windows 7 64-bit, criminals will be busy adapting malware to the new environment.

…and Mac. The market share of Mac PCs has increased over the last few years. Although there are still not enough users to make the platform as profitable as PCs, it is becoming gradually more attractive to cyber-crooks. Like PCs, Mac computers are used to access social networks, check email and surf the Web (the main malware distribution channels used by cyber-criminals). Mac is no longer a safe haven against malware. In 2009 we have already seen numerous attacks, and these will increase in 2010.

What about cell phones? We believe 2010 will not be the year of threats to mobile phones either. The PC is a homogenous platform, with 90% of the world’s computers running Windows on Intel, which means that each bug created has a potential victim pool of 90% of the world’s computers. The mobile phone scenario is much more heterogeneous with a multitude of different vendors using different hardware and operating systems.

These are the predictions; let us see whether they have come true in a year’s time. I would like to finish with a message for soccer fans: The 2010 World Cup in South Africa will be exploited by cyber-criminals in numerous ways (fake tickets, junk mail, etc.). Don’t drop your guard.

Tweet This Post 

Uncategorized

I think Panda has changed significantly over the past months: from an introverted and technology focused company, we have evolved and become much more open and extroverted, aiming to interact much more with a rapidly changing marketplace.  Factors contributing to that change include not only our renewed technological leadership through our cloud based security products (like Panda Cloud Antivirus or Panda Cloud Protection)  but also a refreshed communication strategy.

As its impact is perceived by those that interact with the company, I am often asked the same question: “How have you guys done to change your communication style?”, most recently, at a roundtable where the 2.0 economy (wow, when I use the term I realize how much I dislike it …).  My answer is always along the following line: you don’t actually have to do anything aside from encouraging people to behave within the company as they do in their daily life.

It may be because we are a technology company, but the reality is that a majority of us already used all kinds of social tools. Hence the only thing we had to do is to actually tell everyone that the use of such tools was welcomed as a working tool as well.  The use of them exploded within the organization and the impact on the business was overwhelmingly positive.  I am totally convinced that the success of a social media strategy in a company is achieved when you actually stop talking about it as a differentiated strategy.  When that happens, it is because it has become natural for these “new” channels to be used for the company’s daily work.

While some companies were (and many still are) concerned about productivity, spokespersons following the company communication guidelines or employees potentially disclosing confidential information when they interact with the media, at Panda, we have taken a conscious decision and encouraged everyone to interact with the “outside world” as they see fit.  After over a year of having this new “policy” (or more appropriately, the lack of) in place, we can only talk benefits from a decision that has impacted most areas in the company: from support to product management, from PR & Communication to  sales … even some developers, who tend to be much more reserved, can be seen in Twitter : -)

As Zaryn, CEO of Tuenti, the Spanish challenger to Facebook and Angel María, CEO of Bubok emphasized during our roundtable, the key to a successful social media strategy is probably not having one, which is the way to guarantee “authenticity”.  Equally to the real world, the more you interact with those around you (and social media is about continued interaction), the more difficult it becomes to pretend …

Ps. These are just a selection of some of the blogs, Twitter, Facebooks or Tuenti’s accounts from some of us at Panda

Panda Facebook
Tech Support Blog
Cloud Antivirus Blog
PandaLabs Blog
Panda Research Blog
http://twitter.com/PandaSecurity
http://twitter.com/Panda_Japan
http://twitter.com/kaijern
http://twitter.com/PandaBrasil
http://twitter.com/PandaTechSup
http://twitter.com/Luis_Corrons
http://twitter.com/YolandaRuiz
http://twitter.com/lithium
http://twitter.com/alfonsof
http://twitter.com/AnaE
http://twitter.com/pozole13
http://twitter.com/eaguilera
http://twitter.com/OscarCavada
http://twitter.com/Xfrancisco
http://twitter.com/FiguerolaMK
http://twitter.com/Kikecien
http://twitter.com/Pandanica
http://twitter.com/pandacilla
http://twitter.com/steinareriksson
http://twitter.com/Eth_x

Tweet This Post 

Uncategorized

Last week I had the opportunity to participate in a digital chat with readers of the Spanish newspaper Expansión, to resolve their queries about computer security. I must say that this turned out to be a very positive experience, as I had first-hand information of users’ worries.

One of user’s major concerns is the way Internet mafias operate. Keeping the integrity of personal and banking data when carrying out online transactions is one of the most important worries in today’s digital society.  I am glad to see that little by little Internet users are becoming aware of the real danger behind cyber-criminal activities. However, I am afraid that there is still a lot of work to do in this area. Companies are also becoming more aware of this threat, as, evidently, data security and confidentiality are extremely valuable assets for business evolution.

I would also like to make it clear that the fact that there are hidden dangers on the Internet does not mean that we should take an alarmist approach to this. As I have repeatedly explained on this blog, as far as you have good protection and use technologies responsibly, using the Internet and e-commerce resources is much safer than carrying out other daily activities whose risk is actually much higher.

I also had the opportunity to answer a question about Panda Security’s position in Spain regarding innovation. As I have already mentioned on other occasions, Panda Security has always been praised worldwide for being a technological leader. Throughout its history, the company has always reinvested 30% of its turnover in R+D+I, which allows us to develop technological innovations and launch them to the market before other companies. This has resulted in a number of prizes like the one we have recently received from IDG, which has chosen Panda Managed Office Protection as the best security software in Latin America in 2009.

Finally, I would like to mention the huge interest that the Consejo Nacional Consultivo sobre Cyber-Seguridad is attracting.  Many of the Internet users that took part in the event asked for more information regarding this initiative which, as many of you already know, aims to make the Internet and information networks a safer place for users, as well as boosting innovation and financial growth through safer e-commerce.

In short, I was delighted to participate in such a great initiative, as I firmly believe in engaging in direct communication with clients. At Panda Security we want to be close to users. We are willing to listen to them, to learn from them…. All in all, our intention is to offer solutions to the everyday problems users face when using the Internet.

Tweet This Post 

Uncategorized

Twenty years ago, Artemis, our first antivirus, detected 3 viruses. Today, with our Collective Intelligence automatic detection system, we have more than 29 million individual samples of malware stored in the cloud. Celebrating an anniversary is always a reason to be happy. But it’s also a good time to look back and take stock of how we have evolved through all these years into “the Cloud Security Company”, a positioning which reflects the evolution of our technology rather than a question of marketing.

Mikel founded Panda in Bilbao (Spain) in 1990. This was a time when the Internet was far from a widespread phenomenon; information was more commonly exchanged by fax and computer infections were transmitted primarily through floppy discs. Risks clearly had another dimension… Yet Artemis and Collective Intelligence have more in common than it may seem: Both are the product of a commitment to technological innovation, of the search for solutions to contemporary problems… of a spirit that has characterized this company since it first set out.

I’m not going to give a rundown of our 20 year history. For that we have prepared a website with images, videos, anecdotes… You’ll be able to see how things have changed: our products, advertising, malware… and ourselves!
However, I would like to reflect on four milestones that illustrate well how innovation has become the basis of our identity. In 1998 we were the first company to deploy daily signature file updates. In 2004, we launched TruPrevent, the first automatic system on the market for behavioral analysis of threats and intrusion prevention. In 2007 we delivered Collective Intelligence, the first database technology for classifying signatures and in 2009 we have launched the beta version of Cloud Antivirus, the first free, cloud-based antivirus. So it’s not just that we evolve, we are ahead of new trends, and it is this that has helped us grow into one of the leading global security companies, with offices in 56 countries and a team of more than 1,500 employees.

All this has been possible thanks, on the one hand, to the Panda team, all those individuals who work day in and day out to drive the company forward. And on the other hand, to all our clients. All those individual users, small family businesses, companies of all sizes, partners, public organizations… who over the years have entrusted the security of their computers and systems to Panda. This is a thrilling project that we have, which changes from day to day, demanding constant innovation, impossible to get bored of… To all those who make this possible, thank you!

Tweet This Post 

Uncategorized

Ehud Tenenbaum, alias “The Analyzer” has been found guilty of credit card fraud and a sophisticated hacking scam in New York. Federal civil servants estimate he stole 10 million dollars from U.S. banks. Tenembaun, 29 years, was also arrested in Canada last year, and still hasn’t been tried for allegedly stealing 1.5 million dollars from Canadian banks. This Israeli hacker hit the news 10 years ago when he was arrested for the first time at the age of 19. He could be sentenced to up to 15 years in prison, which we hope will be a deterrent. Wikipedia has a list of recently convicted cyber-crooks. However, the fight against cyber-crooks doesn’t always end this way…

Malware has become a multi-million dollar business where catching hackers is difficult (the Internet has no barriers, but the law and the police do). In addition, and due to different laws, hackers that are caught are fined with sums that are rarely proportional to the seriousness of their crimes and the illicit benefits they obtain. I remember a cartoon, where a robber points a gun at a checkout operator who answers: “Why do you go to so much trouble when you can do it online?”, and at less risk…

Cyber-crooks take advantage of the fact they are extremely difficult to track. Their business structure is increasingly complex: some hackers create banker Trojans, others distribute them to steal credit card details and others launder the money stolen. Criminal activity spreads across countries, while there is little inter-state collaboration. Security force investigations have several limitations.

Furthermore, the few cases in which criminals are identified, on being tried there is no adequate cyber-crime legislation (crimes are not classified) and in general, the law is not ready to try these kinds of cases. Some criminals are sent to prison, but in many cases they are only fined (which is affordable for cyber-criminals).

As an example, PandaLabs carried out the following “mathematical exercise”:  due to the rapid increase in rogueware (fake antivirus software) and to its single objective of obtaining financial benefits, PandaLabs wanted to quantify its economic effects. Based on estimates made by the IT sector, PandaLabs calculated cyber-crooks were earning 34 million dollars a month thanks to rogueware.

With such vast potential profits, there is a need to adapt legislation, advance inter-state cooperation and increase prison sentences. We are increasingly finding that where there is malware, there is a professional criminal operation behind it.

Tweet This Post 

Uncategorized

Today I would like to share with you some good news about Panda…
 
We have announced the recent purchase of our Swedish, Finnish and UK franchises. With these additions, we now have a direct presence with our own offices in 12 countries and we will shortly be announcing the purchase of a company in China. We are also present, in the form of franchises, in another 44 countries.
 
Panda’s history is one of innovation in all fields. When we first embarked on our international expansion in 1995, we asked ourselves how we could expand the company globally without the financial muscle to establish ourselves in other countries.
 
We found the answer to the question by adopting a franchise system, operating under very specific criteria. And this system was a tremendous success. There is no doubt that this business-oriented innovation, along with the technological innovations we have fomented overtime, have helped Panda become a reference point for the market worldwide.
 
Over the last two years, with the entry of investment funds such as (Investindustrial, GalaCapital, HarbourVest and Atlantic Bridge) in our share capital, we have found ourselves in a very comfortable position to face the present crisis. After 20 years of success, we are now at a point where we can make the investments we need, which makes us highly competitive both on the corporate and consumer markets and from a technological and product-centered point of view. We also have a highly scalable business model that gives us the flexibility to grow.
 
We have also just launched our Retail 2010 product line and we are revamping our corporate solutions. And needless to say, have redoubled our commitment to Cloud Antivirus, the solution we launched last April and which has once again positioned Panda in the vanguard of security technology.
 
I have to say, this is possible not just thanks to our partners, but also to the whole team working tirelessly in 56 countries to make all of this possible. Can we improve? Always.

Tweet This Post 

Uncategorized Cloud Antivirus, Panda Security, purchase

Over the past few weeks I have participated in various events where I have had the opportunity to share, jointly with other members of the Panda team, some of our latest research on cyber-threats.  Some of this examples include this PandaLabs post, this Press Release or this Panda Security Insight post.

There is a recurrent question coming out from those attending any of those events: “given those increasing threats and their broad impact on society overall, why don’t security vendors share this?”.  Our repeated response is “We DO already”.  There must be something wrong with our communication strategy… There is a big effort being done by vendors to raise awareness about the various cyber-threats that affect both consumers and businesses.  Malware has been escalating over the past years and, in addition to fight it with improved technologies, most security vendors have increased PR efforts to make it known to the wider population.  We all know that technology by itself cannot win this battle, users need to know the basics about cyber-threats in order to be able behave adequately when using / benefiting from technology.   

You can get a sense of these efforts (and quickly understand how many and diverse the potential threats are) by visiting some of the security vendors blogs.  In addition to Panda’s, you may want to take a look at some other security vendors blogs: McAfee, Symantec, F-Secure, Sophos and many others. 

If all vendors communicate recurrently with the market and share our latest research and most of us are pushing initiatives to increase awareness about cyber-threats and how to be protected, why is the general public still so unaware of the problem?  One of the reasons lie in the fact that we may be perceived to be biased and having a business interest in exaggerating the existing threats.  Reality is that, while it benefits us indeed users buying our security products, our driver is not improving our P&L.  If we were to calculate the ROI of our “increase awareness” activities, I would not be surprised if it was negative (our worldwide “Protect our kids” campaign may serve as an example).  We do these activities (I speak for Panda, but I am sure that most other vendors share this view) because they are an intrinsic part of our mission.

With this in mind, and in order to have a bigger impact on Society, I encourage public administrations to work alongside with us, security vendors, to continue to extend the message.  Technology and the Internet are great tools that will help the world be prosperous.  However, as they have been adopted by a growing percentage of businesses and consumers for their daily activities, we need to continue to work to maintain them safe.

Tweet This Post 

Uncategorized

Last week we held a WoKa Euskadi meeting at our offices in Bilbao.  Woka Euskadi is an initiative led by Innobasque, an non-profit organization to foster innovation in the Vasc region.  Woka Euskadi was held simultaneously in 125 different locations and involved around 5,000 people.  Panda was invited due to our focus in innovation.

Woka Eusdadi’s objective was to analyze alternatives and push forward innovative proposals to help fight the global recession.  20 people participated at Panda’s offices, including employees and outsiders such as Urko Zurutuza, Phd. In Computer Sciences and teacher at the Mondragon University and Itziar Algora, Vice-Dean at Science & Technology’s University of the Vasc Country. 

Some of the proposals that the team put forward included: increasing innovation efforts through public administrations funding; fostering technical training aligned with companies’ real needs by universities, encouraging work ethics based on a culture that rewards personal efforts and accomplishments, involving employees in companies’ strategic thinking; and Governments to seek long term goals that go beyond governing mandates.  Innobasque will present the global conclusions of the various sessions on June 18^th.  

Innovation is at the very core of Panda.  Innovation is not an abstract concept: it involves “seeking solutions to everyday issues by doing things differently”.  To innovate is to think forward, to be “One Step Ahead”, as our tag line says.  It is an attitude, a … contagious attitude.  We are fully committed to innovation.  Furthermore, with initiatives like this one, we work hand in hand with other constituencies to improve our society.  I am firmly convinced that it is key that public and private organizations, jointly with the broader society, work together to try and solve the global issues that affect all of us. 

Tweet This Post 

Uncategorized