Complete Transcript of Interview – Mike Lowery - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
May 19, 2007
Alan: With so many security packages on the market, how do you know what you really need? Our guest, today, is Mike Lowery, Senior Training Manager with ESET. And welcome to Let’s Talk Computers, Mike.
Mike: Thanks, Alan. It’s great to be here.
Alan: When you have a utility suite that has everything in it, including “the kitchen sink” and of course, it has an anti-virus module just to complete the package. This is not the efficient way to have Internet protection, is it?
Mike: It certainly isn’t, Alan. In fact, one of the problems with that kind of software is that you end up with “okay” packages that address a lot of things. And that’s especially true of any kind of a security package. An anti-virus tool really needs to be focused to finding specific problems that you will be running into. A lot of problems that you will see, coming across the Internet, especially in the age of crime-based, malicious software, are easily eluding the kinds of protections that are available in a lot of suite products.
Alan: I’m dating myself – it’s like buying a stereo system. You went into a store and you saw this great, big console that had a record player, built-in. It had a tuner; the speakers were built into the cabinet. You got a great stereo system. But, I like buying components where you get a receiver, because a receiver is not the same thing as a tuner. And then, I could get my DVD deck, if I wanted; my speakers are out-bound. I get exactly what I want and exactly what I need.
Mike: To continue with that analogy: The problem with buying an all-in-one system, is that say you buy a Television with a DVD player, built-in with a CD player, and the DVD player dies – well, now you’ve got a television that actually cost a great deal more than it would have if you had bought it as a separate component.
Now, that’s especially dangerous when you’re talking about not DVD players, but you’re talking about something that’s protecting the integrity of your computer system. Then, it’s really a large risk to take on your system. If something like that just simply doesn’t do the job, it may be a fantastic back-up system for example, but it doesn’t necessarily cut the mustard for AV, then you’re out of luck. You don’t have a tool that actually protects you against those kinds of issues.
Alan: I like buying my anti-virus, anti-threat software from a company that that’s all they do. They don’t have all these different utility packages and “oh, by the way, we sell security as a sideline.”
Mike: One of the things that’s interesting is about suites that we have been seeing in the Industry for a long time, have been essentially security products that have been cobbled together. They’re actually separate applications; separate programs – they’re written differently – they’re designed differently and they have kind of a webbing that’s put on after the fact, to try to make them look like a cohesive product. Well, now we’re actually seeing suites coming out that don’t even focus on security, anymore. They have security tools, but then they have back-up tools, they have got disk utilities, they’ve got network sniffers, they’ve got all kinds of things put together into what was one time a security product that has nothing to do with security. And it’s nice to be able to get all of it in one package, at least on paper, but then when you think about all the different kinds of tasks that you will be doing with those products and all those disparate things you’re trying to solve with those packages, it actually stops making any sense to have those things in one place.
Alan: If you have one of these all in one type packages, utilities that takes care of your registry, that’s an anti-virus software; and it has tweaks for Windows. But the impact to your computer system is like, that’s all the entire computer can do right now, because it doesn’t have a chance to do anything else.
Mike: And then when you add on top of that the fact that a lot of anti-virus tools, and security tools in general, have grown in an uncontrolled, bloated way over many years, you’re not even talking about a lot of good performance. So the tools that you have in these suites, individually, are not terribly efficient with computer resources.
Then when you start tacking them all together, you get this very large, massive probe, that’s not efficiently using resources for memory; resources for the disk space; CPU cycles that are being burned for no reason. And it makes a very big mass, really draining the ability to do anything productively with that computer – on top of the fact that it doesn’t, in fact, solve the problem.
Alan: The main engine inside of NOD32 is written in Assembly Language. Why is that so important?
Mike: It’s a computer program, but it’s actually running as close as possible to machine speed. So you’re not going to get any kind of interpreted language problems, as far as delays on top of the base core of the code.
ESET Nod32 is actually famous for being the fastest anti-virus product on the market. As we add functionality to our product, we make sure that rather than tack those things on as additional applications, they are built directly into this core code, which as you mentioned, is running, to a large extent, in Assembly Language.
The unified nature of the code, the fact that it runs really, really effectively on the system, never changes; it improves with each additional piece of functionality that we add.
Alan: You’re not just making this statement. Those are statements that other companies that do testing of anti-threat, anti-threat software, like Virus Bulletin, have made about ESET Software.
Mike: In fact, a recent test done by Virus Bulletin, (this is a test that was done in February, 2007 on a Microsoft Vista Business Edition computer) was running an on-demand scan of executable files. They were showing that we were averaging right about 40 Megabytes per second throughput on the scan. And that’s incredible speed, compared to some of our competitors who are in the 10 and 12 Megabytes per second range. You’re talking about something that scans a set of files on the system and yet still be functional for other purposes while the scan is taking place.
An AV system that’s written in I guess you could say a traditional way, has a lot of different modules all bolted together over time. If it’s running a scan on a system, that’s all the computer is being used for. This system typically doesn’t have any cycles free to do anything else.
With ESET Nod32, we’ve written it in such a lean way that when it’s scanning your file system, it’s actually able to be out running things like mail, or continuing to run your report in Microsoft Word, or whatever you happen to be doing.
And that’s very important for the customers that we have, especially people who are using it for Game purposes. A Game computer is usually built specifically for speed. We found that a lot of Game Players tend to turn their anti-virus solutions off, simply because it’s interfering with the amount of performance they are getting out of their machine. With Nod32, we’re finding that Game People tend to leave their AV running, which is exactly what they should be doing, when they’re on the Internet.
In fact, we sponsored a Harris poll that was done last year, and what we found was of the people in Enterprises, (small businesses and large businesses) – those with the ability to turn their anti-virus solution off, were doing just that – 65% of them, in fact, turned off their anti-virus solution if they had that ability, simply because the anti-virus tool was getting in the way of their doing productive work. The fact is it’s being turned off. I can tell you right now that if it’s turned off, it’s not going to find anything at all and you’re not protected.
Alan: What’s so important, nowadays, because you have these Zero-day threats because heuristics will trap and catch these viruses and threats before there’s even a signature made for these.
Mike: In fact, that’s one of the main values of ESET Nod32, the fact that not only are we the best at detecting In-the-Wild viruses, but we’re also by far, time after time, consistently, the best at finding viruses, malware of various kinds, root kits, phishing attempts, that no one has ever seen before, simply because our heuristics are turned on by default. The system runs so efficiently that we can turn our heuristics on by default and that’s part of the detection that the system’s going to be providing.
Some of our competitors have heuristics’ capabilities built-in, but you can’t really use them realistically. They use them for testing and that’s about it – Because if you turn those functions on, essentially the computer slows down and stops working, entirely.
Alan: And you have won so many awards for Nod32, it’s just really hard to count these.
Mike: We’re very proud of the fact that we’ve gotten more Virus Bulletin 100 Awards than any other product on the market. In fact, AV Comparatives, another independent testing organization out of Austria, thought so highly of our Product last year, that they named us the “best Anti-Virus tool of 2006”, across the board.
Alan: Because, what an anti-virus and anti-threat software has to do is catch all these nasties before they get into my system and they have to have the lowest impact, so that it’s not constantly popping up boxes and saying, “you have a threat; oh, I think you have a threat”. You can actually make it so that it’s silent in the background and just making sure that stops everything, cold.
Mike: You’ve got it. In fact, when I talk to customers, one of the common two complaints I hear about their anti-virus solution that they currently have is either a) it’s letting things through that they thought that they had bought it to prevent and b) it’s doing it at such a slow rate that they can’t accomplish anything at all. I very rarely hear people speak very highly of their anti-virus solution, unless it happens to be ESET Nod32, in which case, they’re usually raving fans!
It’s one thing to have an anti-virus tool that will run and scan your files system when you ask it to, but the real power of an anti-virus tool is to be able to attack something as the file is being loaded, as it’s being accessed off the disk, if it happens to be infected with something.
We’ve done tests recently where we had a test system that runs thousands of Microsoft Excel spreadsheets, opening and closing them in quick succession. What we’ve found was that ESET Nod32 on average has about a 4% load on the CPU, over and above what you would see if it had no anti-virus tool installed at all. Some of our competitors are up to 1,100% additional load on the CPU. What that comes down to is when you’re opening a file with Nod32, it’s going to take only 4% longer to do that. Another competitor product could take 11 or 12 times as long to load that file. If a consumer had the ability to turn that off, you probably would. And that’s going to just leave you wide open for problems.
Alan: Talking about wide open for problems, you have very sophisticated programmers that are constantly writing software to get around these anti-virus programs and you have to really be on your guard, don’t you?
Mike: That’s absolutely right. We’ve found recently, in the Industry across the board, that the economics of malicious code writing are actually more impressive than the economics of the cocaine trade. The risk is very low; the cost to get in is very low; the amount of potential return is extremely high. And when these criminals find that they are being caught, they simply drop off the Internet and there is very little risk of their being caught.
So, they really are extremely sophisticated. I’ve seen screen shots, for example of some of these hacking tools that are being created in places like Eastern Europe and Brazil, where there are particular hot beds of hacking. They actually look like commercial products; they’ve got a full-fledged user interface; they’ve got a help system even built-in to these things! That’s how sophisticated the enemy is. This is all about money, now!
Alan: Big Money – I saw on TV something that was astounding – they broke into somebody’s computer and it took them 1 minute and 32 seconds to sell the information on the Internet and run up $500,000 or more in products against that one credit card. That’s amazing!
Mike: It’s really a huge problem. You see a lot of security products that refer to how well they work in terms of response time. One product in particular in the AV Industry that touts their signature updates. (Signatures being the tools that they use to find the viruses and the malware.) They update their signature files once every hour. But, when you’re talking about worms, for example that can go all the way around the world and infect every single computer that is vulnerable on the Internet in 10 minutes flat – all the way around the world – hundreds of millions of PC’s, an hour is just too long to wait. You need to find something that’s not only going to find things that the individual user has never seen before, but you’ve got to be able to find things that the AV product has never seen before, as well. That’s where the proactive detection really comes in.
Alan: You can’t rely on signatures, any more. By the time the signature gets out, you’re already in a heap of trouble; you have to stop it dead, before you become a statistic.
Mike: That’s correct. You’re looking at an average right now of 15,000 brand new pieces of malicious code or variants of existing code released on the Internet every single day. That’s 15,000 brand-new nasties to look for every single day; you simply can’t patch software fast enough to keep track of that.
Alan: And that’s where your ThreatSense engine really shines.
Mike: The ThreatSense engine actually gives us the ability to have four different types of detection all going on simultaneously. We do use traditional signatures, because it’s an extremely accurate way of finding, with pinpoint accuracy, something that we’ve seen before. But the heuristics that we use are what allow us to find things that we’ve never seen before – our generic signatures, passive heuristics and active heuristics. And all four of them are running simultaneously, so that if any one of those four detection capabilities find something that is suspicious, the other three can verify it very quickly. It’s why our detection rates are extremely high but our false positive rates are extremely low.
Alan: And if you want to try ESET’s Nod32, you have a full-featured updatable version on your website that you can download and you will get updates.
Mike: It’s a 30-day trial, full blown version of the product. It is fully-functional.
Alan: Mike, what are we looking at as far as the price to get started, with Nod32 protection?
Mike: Well, Nod32, which is available on our website – a single user license is $39 and if you wanted to buy a back-up version which would be the downloadable version, plus a CD, that’s an additional $10, so $49.
Alan: And where would we go to get the latest information on Nod32 and also to find out about the latest viruses that can attack our system?
Mike: The best way to do that is go straight to our website, that’s http://www.eset.com. That will give you information on the product and it will also give you a snap-shot of our Virus Radar, which tells you what the top-ten most recent threats are the last hour, eight hours, or a week.
Alan: Mike, I want to thank you for being our guest here on Let’s Talk Computers, and showing us how we can protect our system from all those nasties that are definitely trying to get into our computer system. And we hope to have you back on the air again, real soon.
Mike: Thanks very much, Alan. I enjoyed it.


