PCW: You've been in the anti-virus business for a long time. What are your thoughts on the evolution of malware?
Malware has evolved in three stages. The first stage was more about smart young programmers writing viruses for fun, or to learn about replicating programs. These viruses were more benign, and they were not written with a motive to make money. This has now changed. Viruses and malware is currently written by professionally organized groups with the intention of making money. The current situation of the internet helps malware creators make money with very little risk, and they aren't out to just have fun anymore. Also, malware writers are increasingly targeting newer devices like smartphones, which have a low security barrier. I feel that cyber-terrorism will increase as well, with countries infrastructure being targeted more and more in the days to come.
What do you think about the links between cyber-crime groups and organized crime? Are they joining forces?
I don't think this is true. The cyber-criminals don't have strong links with organized crime groups. They may have some links, but I don't think it's fair to say that all cyber criminals are part of the real Mafia, or other organized crime groups. The mentality of a cyber-criminal is very different from a real-world crook, and it's not true that all cyber-criminals would commit physical crimes, or think like people who are used to more violent lifestyles.
What can we do to fix some of the problems with malware on the Internet?
The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. I feel we need an international agency to combat this problem, something like an Interpol for the Internet.
Won't your suggestion of Internet Passports remove the anonymity from online browsing, thus causing problems for people who may be operating in countries that are not friendly to their views, and so on?
There is no such thing as anonymity on the Internet, for the average user. It is relatively easy to identify the casual surfer from his IP address and the ISP's logs. Criminals, on the other hand, are professionals who know how to hide their tracks. A passport would be beneficial to law-abiding users, and would make it that much more difficult for cyber-criminals to hide.
Is your company moving from pure AV solutions to more comprehensive risk-management solutions?
In any case, there is no point talking about pure AV anymore, even for home users. The minimum you need is Anti-Virus, Anti-Spam, and a Firewall. We do have a few risk-management options, but we don't want to dilute our products by broadening our focus too much. We would like to stay focused on security, and make sure we have the best products in that area.
Here's a more speculative question: looking into the middle future, say in twenty years, how do you see the internet evolving?
I would like to answer this in two parts. Firstly, I don't know about twenty years, but I feel in about fifty years, the Internet will be a much more regulated, safer place. Just as society has evolved, so too shall the Internet evolve, with identification, regulatory agencies and all the things that keep society running smoothly. There will always be criminals, but not as many as there are right now.
Secondly, in the near future, say in about ten years, I feel that we may see an increase in cyber-terrorism attacks. Governments right now don't see this as a critical problem, but I fear that there will be some sort of major attack that will change this perception. Also, I think we're going to see more devices such as smartphones, car computers, smart homes and the like come under attack from malware writers.