Let's Talk Computers Interview - Majority of U.S. Adult Computer Users Are Unprotected From Malware

Complete Transcript of Rick Moy – ESET Interview 
on Let’s Talk Computers 
 July 29th 2006 
Alan: According to the latest survey, the results are staggering. “The majority of U. S. adult computer users are unprotected from Malware.” And to tell us why, our guest today, is Rick Moy, Vice President of Marketing with ESET. And welcome to LET’S TALK COMPUTERS, Rick. 

 Rick: Hi, Alan. 

 Alan: Rick, who conducted this astounding survey and how was it done?

 Rick: We actually commissioned a survey to be done by Harris Interactive, which is one of the leading market research firms globally, with offices around the world. And they specialize in doing online polls of respondents that they have collected throughout North America. We had been getting a number of comments from our customers that were coming over from other Anti-Virus companies about the problems they were having. It gave us an idea that we should look deeper into this phenomenon. So, we commissioned the study to be done. 
 Harris provided comprehensive survey of over 2,000 adults from the United States – East Coast/West Coast, male and female, (a broad demographics). And what they found was very shocking. Overall, the research shows that many consumers have a false sense of security while they’re online. This is really important, because the number of zero-based threats are rapidly increasing. And consumers really need to be proactive in how they protect themselves and their personal information.

 Alan: I read this survey and it is staggering. It kind of backs up what I’ve found. Because when I ask people, what kind of anti-virus software they have on their machine? Now, when’s the last time you updated it? And they look at me with blank stares, “I really need to update it? I though once I bought it and put on the machine, it protected me.”

 Rick: That’s a common response. People today, really are not as educated as they should be about the threats that are out there on the Internet and the steps that they could and should be taking to protect themselves.

 Alan: Also, when you buy a brand new computer, in most cases they put some kind of anti-virus software on. It usually has like a 30-day or 90-day trial subscription. And after that particular time people just turn off the reminders. Why?

 Rick: I think the survey results really reveal what’s going on here. It’s that people are being prompted to take an action that they don’t necessarily fully understand. Or, that is intrusive to them. It’s getting in the way of what they’re trying to do with their computer. Nobody bought the computer to run security software.

 Alan: It’s also the fact that people actually get angry by getting the reminders to purchase the software after they buy a computer. They seem to think that once they have paid the money for the computer, that the computer company should be responsible for protecting from being out there on the Internet.

 Rick: What’s going on here is that the major brands in Anti-Virus are actually paying the computer companies to put trial versions on these computers. It’s really a marketing exercise to get a lot of trials out there. Their ultimate goal is to get you to buy the software after you’ve had the trial.
 I would advise consumers to really be aware of what they’re purchasing, not simply accept what is on the computer. The buyer really does need to beware of the security that you’re purchasing, because not all security products are created equally.
 
 
 Alan: Based on your survey, actually, who is more at risk? Is it the ones that really don’t understand that they need to have anti-virus software?

 Rick: Everybody’s at risk on some level. But, we did see was a slight bias toward the higher earners and the more educated. Those people who are making more than $75,000 a year and students, seems to have a higher likelihood of being infected. That was the number of 58%, vs. 42%. The potential reasons for this are that students in universities are in a more promiscuous and permissive environment. Universities typically have more open policies about access to information, pier-to-pier file sharing is very rampant. Instant messaging, access to some “questionable sites” happens a lot more than it would at a corporation, which has a lot more ability to control what access you have on the Internet.
   
 Alan: And do people not realize how dangerous to is that they just don’t have the right kind of anti-virus software or that it’s not being updated? Whose problem is it?

 Rick: Consumers are generally unaware of how many threats are out there and bad they can be, as we found from the study. Yet, 55% are “confident” or “very confident” in their protection. 44% said that they were “somewhat confident”. So, by and large, there is this false sense of confidence in the protection. Because, 42% had actually been infected within the last year, while running anti-virus. So, when you consider that 65% are postponing their security updates and 42% have been infected within the last while running anti-virus, it’s a telling statistic that says, behaviors need to change, in order to be better protected. 
 
 
 Alan: People tell me all the time that nobody really wants to do anything with my computer. Why should they attack me? I’m not doing anything. There’s nothing on my machine that anybody would want. That’s a fallacy, isn’t it?

 Rick: It really is, because today, malware is written not just for fame and notoriety, as it was ten years ago, but it’s done for fortune. We’ve seen the evolution of organized crime into this space, where we true cyber criminal organizations that are building large networks of bots, of people personal computers that basically employed like zombies into a network and can be controlled from central points by the organized crime to send out additional malware to obtain personal information off of your computer, such as your credit card numbers and take your personal information and steal your identity.

 Alan: It’s almost like having someone else go in and rob a bank for you. They’re actually using your machine to cause you to go into the bank, rob the bank, turn the money over to them, and if the police want to arrest somebody, they’re going to arrest you. And it’s using your machine as you mentioned, as a bot, to actually perform illegal acts. 

 Rick: The truth is most consumers that are enslaved to these bot networks have no idea what’s going on with their machine. They will probably notice that their machine is running slower. Maybe they get a couple of pop-up windows showing up. But, they’re generally unaware of what’s happening with their computer until the thing ultimately crashes. 

 Alan: It’s the money that is behind these, because before, it was like the “Script Kiddies” that were basically trying to make a name for themselves. Now, this is a commercial venture. This is all about money, isn’t it?

 Rick: It is about money. It’s a growing business and the results don’t lie. Most people have no idea how many new threats are out there on a daily basis. We asked respondents to guess how many new threats we see each day and the truth is 81% were not even in the ballpark. 50% admitted they had no clue. Only 19% were even close. 
 In actuality, on a daily basis ESET sees more than 10,000 new pieces of malware per day. It’s generated automatically by these criminal organizations and virus writers. At times, it can reach as high as 18,000 to 20,000 per day, depending on what’s happening.

 Alan: That seems like a very high number. But when you actually go on the Internet and you can actually see these virus kits that people are selling and all you have to do is change certain words and they will actually write you a virus and tell you what this virus is going to do and all you have to do is just type in a couple of commands and Walla – you have a virus!

 Rick: It’s become so easy to create malware, today. I believe you can have your own custom malware created for a few hundred dollars. The power of the Internet is great. The downside is potentially even greater when used in the wrong hands. 
 
 
 Alan: We’re talking about why people don’t update their machine. A lot of times it’s because the updates themselves are so large that you spend all day getting updates. 

 Rick: Studies found that 65% of Americans are postponing updates to security software, including anti-virus. The Number 1 reason for this is because it’s too intrusive. 65% said that it was getting in the way of what they were trying to do with their computer. You can perceive this to mean it was slowing down their computer; that maybe a pop-up appeared on their desktop and they were asked to click next, next, next, to get to the actual update. Not all the anti-viruses are automatically downloading updates by default. Occasionally they will also ask you to download programmatic updates, which they need to get your permission for. 
 ESET’s Nod32 runs transparently in the background and we pop up a bubble saying, You’ve been updated to the latest protection. We don’t ask them to continue or we don’t interrupt them. It’s the fast and automatic approach.

 Alan: Is this the reason why, when you’re looking at anti-virus or Anti-Threat software, you really want to get a software package that is proactive, or what they call heuristics, built in, so that you don’t have to rely on the updates?

 Rick: Absolutely, that’s a big part of it. And it comes down to a fundamental change in the model and how threats are stopped. Anti-virus software has been around for more than 20 years. The original models based are on signatures. And that’s the technology that most of the companies are still using, predominantly in their software and it requires that the virus sample be detected, sent to the AV company, the signature or identifier created, and that, then be downloaded to the customers. This all takes time. And that time represents a window of vulnerability for the consumer. If one is able to detect on the spot, on the client computer, without having to wait, it closes this window of vulnerability for the consumer. 
 The technology that does that is heuristics and ESET is the leader in proactive detection. Because of our threat sense heuristics, we are able to detect more malware as it emerges on the spot, in real time than any other company. 

 Alan: As a matter of fact, you’ve won awards for that. They’ve tested it, actually going back in time and looking at some of the in the wild viruses that would have been missed because of heuristics and you’ve won hands down, haven’t you?

 Rick: We’ve won more awards than any other company in proactive testing. VB Comparatives, one of the leading testing organizations in this respect, has given us more awards than any other company in their advanced plus category, which is for proactive detection of viruses, key loggers, spyware and other malware.
 
 
 Alan: Based on the Harris Interactive survey, one of the things that were brought out is that people think it’s so difficult to update their anti-virus. And it shouldn’t be that way, should it?

 Rick: Anti-Virus software should be fast and automatic. The consumers have enough to think about in understanding the threats, without trying to spend a lot of time to understand how to update the application. We did a test and purchased McAfee Anti-Virus from a local store. Our CTO installed it. Unfortunately he had to reboot his PC four times through the update process, in order to get the anti-virus to work. And that’s just about three times too many, in my opinion. And I think that the average consumer would get very frustrated with that and not want to deal with that application, anymore.

 Alan: Plus the fact, that when you get the update signatures, a log of times, it either one, automatically reboots your machine, which is killer if you’re doing automatic processing or it stops the game and says, “now you need to reboot your machine in order to be protected”. I didn’t buy my computer to sit here and watch it reboot!

 Rick: And that’s why anti-virus software should be transparent and in the background, as much as possible. And I think it really says that the Anti-Virus industry in general is letting consumers down. Software should be easier to use. And the best security should be transparent and not interrupt the user. And I think still a way to go on a number of the applications out there.

 Alan: But, how often should you actually be updated with new anti-virus definitions?

 Rick: That really comes back to the question of signatures and heuristics. If you have an application like ESET, NOD32, which is very strong in heuristics, the need for updates is not as great, because we’re able to proactively detect larger amounts of new malware. If you have a program isn’t as strong in heuristics, you’re going to probably keep wanting updates on a daily, if not hourly basis, in some cases. And there are some applications out there that update hourly. And that in some people’s minds, is just too intrusive and again, doesn’t really provide proactive protection the consumers need. 

 Alan: I like that warm-fuzzy feeling that I get when I see that little message that says, “okay. I have just gotten the new update from ESET and now I am protected. And I know that I have the latest software on my machine, because ESET doesn’t believe in having prior versions laying around. If anybody has a subscription, you make sure that they have the latest software and that is also easier to update, isn’t it?

 Rick: Absolutely, Alan. We don’t sell 2005, 2006, 2007 versions and force consumers to buy an entire application. We sell our anti-virus application as a subscription service. So, when we have programmatic updates, whether or not they’re heuristics, signatures, or a new code in functionality, you get those delivered transparently and it starts working to protect you behind the scenes. We don’t send you two updates to put your credit card in and give us the additional money.

 Alan: Nowadays, you need that zero-day protection, because as you pointed out, when a virus gets loose, there that is that time vulnerability and you don’t want to be the guinea pig of “oh, yes, I found it”, because it just tore up my whole computer system or it took up my whole company’s infrastructure and now I’m reporting that we have a problem. You want to stop it before it comes in the door – right?

 Rick: You want to be able to stop it real-time, as it appears. And that’s what threat sense heuristics are all about. Emulating the code, letting it run, in a protected environment and once it does something malicious, we stop it.
 
 
 Alan: And if somebody would like to find more information about NOD32 and how it works and also read the Harris Interactive Survey, where would they go?

 Rick: They could contact us online at www.eset.com. We have a wide range of resources on our website to answer a lot of the basic questions users might have, or they can also phone us at 866-343-3738. 

 Alan: Rick, it’s been our pleasure to have as our guest here on LET’S TALK COMPUTERS, talking about this revealing survey about why people just don’t upgrade their anti-virus and Anti-Threat software and hope to have you back on the air again, real soon. 

 Rick: Thank you very much.

Eset on the Radio

Majority of U.S. Adult Computer Users Are Unprotected From Malware