Et af emnerne af interesse på 7 Tutorials er sikkerhed. Vi skriver ikke kun artikler og selvstudier om, hvordan du får en sikker computeroplevelse, men vi gennemgår også sikkerhedsprodukter med jævne mellemrum. En af de ting, vi ønskede at lære mere om, er, hvordan sikkerhedsprodukter fremstilles: hvad er de involverede trin? de vigtigste udfordringer? osv. Heldigvis^(Luck) fik vi chancen for at mødes med Alexandru Constantinescu - Social Media Manager hos Bitdefender , som straks sagde: "Hej! Hvorfor besøger du os ikke og lærer mere af vores team? Vi accepterede invitationen og i dag kan vi dele en omfattende diskussion med dig om, hvordan sikkerhedsprodukter fremstilles."

Vores diskussionspartnere

BitDefender er et sikkerhedsfirma, som ikke burde kræve meget af en introduktion. Eller i hvert fald ikke til vores læsere. De er det førende sikkerhedsfirma i Rumænien^(Romania) , og de udvikler sikkerhedsprodukter, som modtog masser af ros og påskønnelse. Deres produkter dukker konstant op på lister med topsikkerhedsløsninger.

Vi tog til BitDefender - hovedkvarteret i Bukarest^(Bucharest) og havde en længere diskussion med Cătălin Coșoi - Chief Security Researcher (på billedet ovenfor) og Alexandru Bălan - Senior Product Manager . De er begge meget vidende og venlige mennesker, som vi nød at have denne samtale med.

Sådan fremstilles sikkerhedsprodukter

Vi spildte ikke meget tid på introduktioner, og vi startede straks vores samtale.

Hvad er de stadier, du gennemgår, mens du udvikler en ny version af et sikkerhedsprodukt, såsom en Internet Security Suite?^{(What are the stages you go through, while developing a new version of a security product, such as an Internet Security Suite?)}

Tilgangen er ikke rigtig anderledes end dit typiske softwareudviklingsprojekt. Lad os sige, at vi lige har lanceret 2012-versionen af ​​vores produkter. Så snart lanceringen slutter, begynder vi at arbejde på 2013-versionen. Først^(First) beslutter vi os for det sæt funktioner og ændringer, der vil blive introduceret i denne næste version.

For at identificere de funktioner, der vil have stor betydning for den næste version, har vi diskussioner med flere målgrupper: anmeldere, sikkerhedseksperter, tekniske eksperter og brugere, der er i stand til at give os indsigt i, hvad der virker, hvad der ikke gør og hvad kunne fungere godt i næste version. Derudover giver vores eget tekniske team input baseret på deres ekspertise og vision om, hvor de gerne vil tage produktet hen. Vi laver også en markedsanalyse for bedre at forstå den eller de retninger, hvor andre virksomheder er på vej. Baseret på alle disse input ringer vi til, hvad der bliver inkluderet i den næste version, og hvad der ikke gør.

Så har vi udviklingsstadiet med flere testfaser inkluderet. For det første^(First) har vi en intern preview, når vi tester vores pre-beta software. Dernæst har vi flere betastadier:

• En intern beta – ligesom den interne preview, men med et lidt større publikum, der tester produktet;
• En privat beta – hvor vi vælger en lukket kreds af brugere uden for virksomheden til at teste produktet. Vi involverer op til et par tusinde brugere, og vi vælger personer, hvis feedback vi anser for nyttig. Vi omfatter kyndige brugere, folk som vi havde et længere samarbejde med, tekniske eksperter, hvis mening vi værdsætter osv.;
• En offentlig beta - den finder sted 2 til 3 måneder før den faktiske lancering. På dette tidspunkt kan alle interesserede hente produktet, teste det og give feedback.

Under betastadierne finjusterer vi produktet løbende, og lige før lanceringen har vi et lille tidsvindue til at lave den sidste hånd. Derefter finder lanceringen sted, hvor marketing, PR, salg og andre teams er med til at lave den nødvendige buzz, mens udviklingsteamet håndterer de problemer, der måtte dukke op.

Det lyder faktisk ikke anderledes end andre softwareudviklingsprojekter. Men er der nogle udfordringer, der er specifikke for denne niche med at udvikle sikkerhedssoftware?^{(Indeed, it doesn't sound different from other software development projects. However, are there any challenges specific to this niche of developing security software?)}

Det skulle være behovet for smidighed i ordets sandeste betydning. Det er nøglen til vores niche, mere end i nogen anden linje inden for softwareudvikling. For at beskytte vores klients computere, netværk og enheder skal vi være meget hurtige til at reagere på nye trusler. Generelt har du ikke mange nye typer trusler, der dukker op på en dag. Det meste malware er simpelthen en udvikling af ældre malware, og vi finder det generelt nemt at håndtere dette. Men når noget virkelig nyt dukker op, skal vi handle meget hurtigt. På kun et par timer skal du i det mindste levere en opdatering til dine definitioner eller heuristik, som vil holde dine kunder sikre.

Det er endnu sværere, når det for at svare på en ny trussel ikke er nok at opdatere vores definitioner, og vi skal udvikle en ny funktion i vores produkt. Dette påvirker ikke kun de produkter, der i øjeblikket bruges af vores kunder, men også de nye produkter, vi er ved at udvikle.

Lad os for eksempel tage Facebook . Efterhånden som det voksede i popularitet, blev det et hyppigt værktøj til at distribuere spam og malware. Som du ville forvente, havde vi altid øje med dette sociale netværk og overvågede malware-links, der blev spredt gennem det, og inkluderede dem i vores cloud-database. Vi følte dog behovet for at udvikle et nyt værktøj, der håndterer malware på Facebook på en bedre måde. Sådan skabte vi konceptet for BitDefender SafeGo (et produkt, der også blev anmeldt i 7 vejledninger^{(7 Tutorials)} ). I efteråret 2010 lancerede vi den første version af dette produkt, og senere blev det en integreret del af vores sikkerhedsprodukter, såsom BitDefender Internet Security Suite 2012 .

Faktisk et godt eksempel. Apropos BitDefender SafeGo – har du til hensigt at holde det tilgængeligt også som et gratis produkt for ikke-betalende kunder, som det er i dag?^{(Indeed, a great example. Speaking of BitDefender SafeGo – do you intend to keep it available also as a free product for non-paying customers, as is today?)}

Ja, dette produkt vil være tilgængeligt både i vores kommercielle sikkerhedsprodukter og som en gratis Facebook- og Twitter -app. Det skyldes, at sikkerhedsproblemer på Facebook vil fortsætte med at eksistere og sprede sig. Dette produkt hjælper os med at identificere malware hurtigere og beskytte både vores betalende og ikke-betalende kunder. Vi tror også, at det at gøre dette værktøj tilgængeligt gratis hjælper med at øge bevidstheden om BitDefender til kunder, som måske ikke har hørt om os. Hvis de kan lide BitDefender SafeGo , har vi en større chance for, at de overvejer andre sikkerhedsprodukter, vi udvikler.

Andre eksempler på, hvornår der er brug for stor smidighed?^{(Any other examples of when great agility is needed?)}

En anden ting, vi gør vores bedste for at gøre, er at prøve at finde muligheder for at imødekomme andre typer sikkerhedsbehov, som folk har, ikke kun din standardvirusdetektion og -beskyttelse. For eksempel, hvis du husker kontroversen om Carrier IQ - et stykke software installeret af mange mobilleverandører, var det logning af oplysninger såsom placering uden at give brugerne besked eller give dem mulighed for at fravælge. Selvom dette ikke var et stykke malware og var forudinstalleret på din telefon af din mobiludbyder, ville mange mennesker gerne vide, om de havde det installeret på deres telefoner eller ej. Da vi lærte om det, var det en lørdag^(Saturday) . Et medlem af vores team gik på kontoret, brugte omkring 3 til 4 timer og udviklede et gratis produkt fra bunden til Android - brugere. Det kaldesBitdefender Carrier IQ Finder og det gav Android- brugere mulighed for hurtigt at lære, om de bliver sporet eller ej.

Lad os tale lidt om cloud computing. Vi ser det brugt mere og mere i sikkerhedsprodukter. Nogle leverandører tilbyder endda kun cloud-baseret sikkerhed i deres produkter. Hvad synes du om denne tilgang?^{(Let's talk a bit about cloud computing. We see it used more and more in security products. Some vendors even offer only cloud-based security in their products. What do you think about this approach?)}

Cloud computing har afgjort en vigtig rolle inden for sikkerhedsløsninger. Vi mener dog, at en hybrid tilgang, der bruger både definitionsdatabaser og skyen, giver de bedste resultater. Når kun skyen bruges, er du afhængig af internetforbindelsen^(Internet) . Hvis det er væk, forbliver systemet ubeskyttet. At have en blanding af malware-definitioner og skyen giver bedre resultater i de fleste computerscenarier.

Planlægger du at bruge cloud computing endnu mere i fremtiden? Måske endda tage den samme cloud-only tilgang?^{(Do you plan to use cloud computing even more in the future? Maybe even take the same cloud-only approach?)}

Ikke rigtig. Vi tror på at bruge de teknologier, der passer bedst til formålet. For eksempel, hvis vi ønsker at beskytte en brugers webbrowser, så bruger vi kun skyen. Ondsindede websteder er de samme, ligeglade med de operativsystemer og browsere, folk bruger til at få adgang til dem. Desuden, hvis der ikke er internetadgang^(Internet) , kan brugeren ikke surfe på nettet. Derfor er der ikke noget problem, hvis skybeskyttelsen heller ikke er tilgængelig.

Til antivirus tror vi, det er bedst at bruge både klassiske definitioner og skyen. Definitionerne er med til at give beskyttelse, når skyen ikke er tilgængelig på grund af et udfald af internetforbindelse . ^(Internet)De får også adfærdsanalysen af ​​filer og applikationer til at køre hurtigere, end når man forsøger at bruge skyen til samme formål. Når vores software laver nogen form for adfærds- og handlingsanalyse, giver definitionerne mere hastighed end skyen gør.

Fortæl os lidt mere om de teknologier, BitDefender bruger til at beskytte et system.^{(Tell us a bit more about the technologies BitDefender uses to protect a system.)}

Generelt er der i BitDefender - produkter tre hovedteknologier, der bruges til at sikre systemer:

• Behave – dette overvåger og lærer den generelle adfærd af dine applikationer;
• Aktiv viruskontrol^{(Active Virus Control)} – overvåger de handlinger, der udføres af en applikation og blokerer dem, der er mistænkelige eller forkerte.
• Cloud – samler information fra mange kilder om malware og opdaterer sig selv løbende. Dataene fra skyen bruges af næsten alle beskyttelsesmoduler, der er inkluderet i vores produkter.

Hvad er dine kilder til at finde og lære om nye former for malware?^{(What are your sources for finding and learning about new forms of malware?)}

Vi har mange kilder til at lære om nye vira og malware generelt:

• honningpotter;
• BitDefender SafeGo , med dets understøttelse af både Facebook og Twitter ;
• De data, der sendes fra vores kunders computere om infektioner og mistænkelige aktiviteter;
• Vores samarbejde med andre sikkerhedsudbydere;
• Offentlige malwaredatabaser.

Honningpotter. Det lyder interessant. Fortæl os lidt mere om dem. Hvad er de helt præcist?^{(Honeypots. That sounds interesting. Tell us a bit more about them. What exactly are they?)}

Honeypots er systemer, vi distribuerer på tværs af vores netværk, som fungerer som ofre. Deres rolle er at ligne sårbare mål, som har værdifulde data om sig. Vi overvåger disse honeypots løbende og indsamler alle former for malware og information om black hat-aktiviteter.

En anden ting, vi gør, er at udsende falske e-mail-adresser, som automatisk indsamles af spammere fra internettet^(Internet) . Derefter bruger de disse adresser til at distribuere spam, malware eller phishing-e-mails. Vi indsamler alle de beskeder, vi modtager på disse adresser, analyserer dem og udtrækker de nødvendige data for at opdatere vores produkter og holde vores brugere sikre og spamfri.

Lad os antage, at du lige har identificeret et nyt stykke malware. Hvad gør du med det? Hvordan finder man ud af, hvad det gør, og hvordan man bedst desinficerer et system?^{(Let's assume you just identified a new piece of malware. What do you do with it? How do you find out what it does and how to best disinfect a system?)}

I det mindste i starten er vi ikke så interesserede i at lære, hvad det stykke malware gør. Vi er interesserede i at finde ud af, om dens adfærd er mistænkelig eller ej, om det er en virus eller ej. Dette giver vores produkter mulighed for at handle og gøre ting, såsom at skære adgangen til netværket eller sætte det stykke malware i karantæne.

Alle de nye stykker malware, der identificeres, sendes automatisk til vores forskningslaboratorium i Iaşi . Holdet der tager sig af at dekonstruere vira, forstå, hvad de gør og opdatere vores definitionsdatabase med de relevante oplysninger.

Apropos forskerholdet, så fortæl os lidt mere om dem og deres arbejde med at "hacke" vira.^{(Speaking of the research team, tell us a bit more about them and their work on "hacking" viruses.)}

Nå, de er et meget specialiseret team, der arbejder i et meget lukket miljø, fra alle perspektiver. Vi ønsker for eksempel ikke, at virus, de arbejder på, skal ud i naturen eller spredes til vores eget netværk. De er alle sikkerhedseksperter, der er dygtige til ting, der varierer fra kryptering til at være flydende med flere programmeringssprog (inklusive Assembly sprog^{(Assembly language)} ), kendskab til internetprotokoller, hackingteknikker osv.

De er ansvarlige for at dekryptere koden til en virus og opdatere vores definitionsdatabaser med de relevante oplysninger. Men før de går i gang med at lave en definitionsopdatering på egen hånd, skal de igennem en længere proces med uddannelse og specialisering, der tager 9 måneder. De må ikke arbejde med vores definitionsdatabaser på egen hånd, før de har gennemgået al den nødvendige uddannelse og har bevist, at de ved, hvad de skal gøre.

Vi vil også gerne præcisere en urban legende, hvis du vil kalde det sådan: mange tror, ​​at de bedste hackere og virusproducenter bliver ansat af sikkerhedsfirmaer, inklusive BitDefender . I hvert fald når det kommer til vores virksomhed, er dette ikke sandt. Under ansættelsesprocessen bortfiltrerer vi alle de kandidater, der har lavet malware eller har lavet nogen form for black-hat hacking.

Vi foretrækker at få selskab af teammedlemmer, som vi kan stole på. Vi ønsker, at folk slutter sig til os, fordi de nyder en stor sikkerhedsudfordring og ikke bruger deres færdigheder og intelligens til egoistiske formål. Alle i vores forskerhold kan i det mindste skabe deres egen virus, hvis ikke engang hacke et mere komplekst system. Men de gør det ikke, fordi de mener, at det ikke er den rigtige ting at gøre og ikke den korrekte brug af deres talenter. Desuden vil vores virksomhed ikke tolerere denne form for adfærd.

Hvor ofte leder dine produkter efter nye definitioner på dine servere?^{(How often do your products look for new definitions on your servers?)}

En gang hvert 45. til 60. minut. Det er meget vigtigt for os at få leveret nye definitioner så hurtigt som muligt. Nogle gange, hvis en given situation kræver det, sender vi også push-beskeder, så vores sikkerhedsprodukter opdaterer sig selv med det samme og ikke venter på, at den planlagte opdatering finder sted. Vi vil gerne kunne sende data, så snart vi lærer noget nyt. Det er dog ikke muligt ud fra et teknisk perspektiv, og det ville ødelægge vores brugeres computeroplevelse. Derfor holder vi push-notifikationer og opdateringer på et minimum og bruger dem kun, når det virkelig giver mening.

Samarbejder du med andre virksomheder og deler viden og information om de seneste sikkerhedstrusler?^{(Do you collaborate with other companies and share knowledge and information about the latest security threats?)}

Ja vi gør. Vi samarbejder med 6 andre virksomheder, inklusive vores partnere, som vi har licenseret vores teknologi til, såsom F-Secure eller G-Data . Vi kan dog ikke oplyse navnene på de andre virksomheder.

Hvor meget investerer du i de mere sekundære funktioner, som ikke nødvendigvis bidrager til at øge sikkerheden i et system? Jeg henviser til funktioner, der for det meste er inkluderet i Total Security Suites, såsom: Forældrekontrol, File Backup, Filsynkronisering osv.^{(How much do you invest in the more secondary features, that don't necessarily contribute to enhancing the security of a system? I'm referring to features included mostly in Total Security Suites, such as: Parental Controls, File Backup, File Synchronization, etc.)}

Det er klart, at de klassiske funktioner i en sikkerhedspakke såsom antivirus, firewall, antispam osv. er hovedfokus for vores teams arbejde og modtager de fleste af vores virksomheds udviklingsressourcer. Vi har dog dedikerede teams til hver af de sekundære funktioner, vi tilbyder i vores produkter, og de er bemandet efter behov, afhængigt af mængden af ​​arbejde, der kræves for at vedligeholde disse moduler. Du kan forestille dig, at vi ikke har brug for så mange mennesker, der arbejder på forældrekontrol^{(Parental Controls)} som på antivirusbeskyttelsesmotoren.

BitDefender har en klassisk serie af produkter: BitDefender Antivirus, Internet Security Suite, Total Security Suite og Sphere, som tilbyder en licens til op til 3 brugere, der kan bruge den bedste sikkerhedspakke, du leverer, på enhver platform, du understøtter, på en ubegrænset antal enheder. Hvilket af disse koncepter er mest populært blandt dine brugere? Foretrækker de de ekstra funktioner i en Total Security-pakke eller de mere klassiske sikkerhedsprodukter?^{(BitDefender has a classic line-up of products: BitDefender Antivirus, Internet Security Suite, Total Security Suite and Sphere, which offers a license for up to 3 users that can use the top security suite you provide, on any platform you support, on an unlimited number of devices. Which of these concepts is most popular with your users? Do they prefer the added features of a Total Security suite or the more classic security products?)}

BitDefender Internet Security Suite er absolut vores mest populære produkt. Der er mennesker, der nyder de ekstra funktioner i en Total Security Suite , men de er i mindretal. Vi er dog blevet positivt overrasket over den succes og positive feedback, vi har modtaget for vores nye BitDefender Sphere- produkt. Det ser ud til, at mange mennesker nyder at have en samlet sikkerhedsløsning, der kan beskytte deres pc'er, Mac'er^(Macs) og Android-baserede smartphones eller tablets. De nyder i høj grad fleksibiliteten ved at købe en mere overkommelig licens for at beskytte alle computerenheder i deres hjem.

Sidst men ikke mindst, lad os tale lidt om Windows 8 og dets nye Metro-interface. Planlægger du at tilbyde sikkerhedsløsninger designet til den nye touch-grænseflade? Vil du levere separate sikkerhedsprodukter til Windows 8-tablets?^{(Last but not least, let's talk a bit about Windows 8 and its new Metro interface. Do you plan to offer security solutions designed for the new touch interface? Will you provide separate security products for Windows 8 tablets?)}

Vi arbejder bestemt på at levere nogle spændende produkter til Windows 8 og den nye Metro -grænseflade. Udfordringen med Metro er, at applikationer kører med begrænsninger og begrænsede tilladelser. De har ikke fuld adgang til systemet, som Desktop - applikationer har. Derfor er vi nødt til at finde måder at omgå det på og yde effektiv beskyttelse.

Desværre har vi dog ikke ret til at diskutere flere detaljer om vores planer med sikkerhedsprodukter til Windows 8 . Vi vil være i stand til at give mere information tættere på, at Windows 8 bliver færdiggjort og gjort tilgængeligt.

Konklusion

Som du kan se fra denne diskussion, er det ikke nogen let opgave at udvikle en god sikkerhedsløsning. Det indebærer masser af arbejde, viden om forskellige aspekter af computing, netværk og sikkerhed. Vi håber, at du fandt denne samtale interessant og nyttig til at lære mere om hele den involverede proces.

Før vi lukker denne artikel, vil vi gerne takke BitDefender for at sende os denne invitation og give os muligheden for at have en meget interessant samtale med nogle af deres bedste specialister.

How Security Products Are Made - A Discussion with Bitdefender

One of the topics of interеst at 7 Tutorials is security. Not only we write articles and tutorials about how to have a safe computing experience but we also review security products on a regular basis. One of the things we wanted to learn more about, is how security products are made: what are the steps involved? the most important challenges? etc. Luck has it that we got the chance to meet with Alexandru Constantinescu - Social Media Manager at Bitdefender, who immediately said: "Hey! Why don't you pay us a visit and learn more from our team? We accepted the invite and today we can share with you an extensive discussion about how security products are made."

Our Discussion Partners

BitDefender is a security company which should not require much of an introduction. Or at least not to our readers. They are the leading security company in Romania and they develop security products which received lots of praise and appreciation. Their products are constantly showing up in lists with top security solutions.

We went to the BitDefender headquarters in Bucharest and had a lengthy discussion with Cătălin Coșoi - Chief Security Researcher (in the picture above) and Alexandru Bălan - Senior Product Manager. They are both very knowledgeable and friendly people, with whom we enjoyed having this conversation.

How Security Products are Made

We did not waste a lot of time on introductions and we immediately started our conversation.

What are the stages you go through, while developing a new version of a security product, such as an Internet Security Suite?

The approach is not really different from your typical software development project. Let's say we just launched the 2012 version of our products. As soon as the launch ends, we start working on the 2013 version. First, we decide on the set of features and changes that will be introduced in this next version.

In order to identify the features that will have a great impact for the next version, we have discussions with several audiences: reviewers, security experts, technical experts and users who are able to give us insights on what works, what doesn't and what could work well in the next version. On top of that, our own technical team gives input based on their expertise and vision of where they would like take the product. We also do a market analysis to better understand the direction(s) where other companies are heading. Based on all these inputs, we make a call on what gets included in the next version and what doesn't.

Then, we have the development stage, with several test phases included. First, we have an internal preview when we test our pre-beta software. Next, we have several beta stages:

• An internal beta – just like the internal preview, but with a slightly bigger audience testing the product;
• A private beta – where we choose a closed circle of users from outside the company to test the product. We involve up to a few thousand users and we choose people whose feedback we consider helpful. We include knowledgeable users, people with whom we had a longer collaboration, technical experts whose opinion we value, etc.;
• A public beta – it takes place 2 to 3 months prior to the actual launch. At this time, anyone interested can pick up the product, test it and provide feedback.

During the beta stages we fine-tune the product on a continuous basis and, just before launch, we have a small time-window to make the final touches. Then the launch takes place, where marketing, PR, sales and other teams are involved in making the required buzz, while the development team handles any issues that might come up.

Indeed, it doesn't sound different from other software development projects. However, are there any challenges specific to this niche of developing security software?

That would have to be the need for agility in the truest sense of the word. It is key to our niche, more than in any other line of software development. In order to protect our client's computers, networks and devices, we must be very fast in responding to new threats. Generally, you don't have many new types of threats appearing in a day. Most malware is simply an evolution of older malware and we find it generally easy to deal with this. However, when something truly new comes up, we must act very fast. In only a few hours you have to deliver at least an update to your definitions or heuristics that will keep your clients safe.

It is even harder when, in order to answer to a new threat, it is not enough to update our definitions and we must develop a new feature in our product. This impacts not only the products currently used by our customers but also the new products we are developing.

Let's take for example Facebook. As it grew in popularity, it became a frequent tool for distributing spam and malware. As you would expect, we always had an eye on this social network and monitored the malware links being spread through it and included them in our cloud database. However, we felt the need to develop a new tool that deals with malware on Facebook in a better way. This is how we created the concept for BitDefender SafeGo (a product reviewed also on 7 Tutorials). In the autumn of 2010 we launched the first version of this product and later, it became an integral part of our security products, such as BitDefender Internet Security Suite 2012.

Indeed, a great example. Speaking of BitDefender SafeGo – do you intend to keep it available also as a free product for non-paying customers, as is today?

Yes, this product will be available both in our commercial security products and as a free Facebook and Twitter app. That's because security problems on Facebook will continue to exist and spread. This product helps us identify malware faster and protect both our paying and non-paying customers. Also, we think that making this tool available for free helps raise awareness about BitDefender to customers who might not have heard about us. If they like BitDefender SafeGo, we have a higher chance of them considering other security products we develop.

Any other examples of when great agility is needed?

Another thing we do our best to do, is try to spot opportunities for meeting other types of security needs people have, not only your standard virus detection and protection. For example, if you remember the controversy about Carrier IQ – a piece of software installed by many mobile vendors, that was logging information such as location without notifying users or allowing them to opt-out. Even though this was not a piece of malware and was preinstalled on your phone by your mobile carrier, many people wanted to know if they had it installed on their phones or not. When we learned about it, it was a Saturday. A member of our team went to the office, spent about 3 to 4 hours and developed a free product from scratch, for Android users. It is called Bitdefender Carrier IQ Finder and it allowed Android users to quickly learn if they are being tracked or not.

Let's talk a bit about cloud computing. We see it used more and more in security products. Some vendors even offer only cloud-based security in their products. What do you think about this approach?

Cloud computing definitely has an important role in the space of security solutions. However, we believe that a hybrid approach which uses both definition databases and the cloud, delivers the best results. When only the cloud is used, you are dependent on the Internet connection. If that's gone, the system remains unprotected. Having a mix of malware definitions and the cloud, delivers better results in most computing scenarios.

Do you plan to use cloud computing even more in the future? Maybe even take the same cloud-only approach?

Not really. We believe in using those technologies that best fit the purpose. For example, if we want to protect the web browser of a user, then we use only the cloud. Malicious websites are the same, indifferent of the operating systems and browsers people use to access them. Also, if there is no Internet access, the user cannot browse the web. Therefore, there is no problem if the cloud protection is also unavailable.

For the antivirus we believe it is best to use both classic definitions and the cloud. The definitions help provide protection when the cloud is not available due to an Internet connection drop-out. Also, they make the behavioral analysis of files and applications run faster than when trying to use the cloud for the same purpose. When our software is doing any kind of behavioral and action analysis, the definitions provide more speed than the cloud does.

Tell us a bit more about the technologies BitDefender uses to protect a system.

In general, in BitDefender products there are three main technologies that are used to secure systems:

• Behave – this monitors and learns the general behavior of your applications;
• Active Virus Control – monitors the actions taken by an application and blocks those which are suspicious or mal-intentioned.
• Cloud – gathers information from lots of sources about malware and updates itself continuously. The data from the cloud is used by almost all protection modules included in our products.

What are your sources for finding and learning about new forms of malware?

We have many sources for learning about new viruses and malware in general:

• Honeypots;
• BitDefender SafeGo, with its support for both Facebook & Twitter;
• The data sent from our clients' computers about infections and suspicious activities;
• Our collaboration with other security providers;
• Public malware databases.

Honeypots. That sounds interesting. Tell us a bit more about them. What exactly are they?

Honeypots are systems we distributed across our network, that act as victims. Their role is to look like vulnerable targets, which have valuable data on them. We monitor these honeypots continuously and collect all kinds of malware and information about black hat activities.

Another thing we do, is broadcast fake e-mail addresses that are automatically collected by spammers from the Internet. Then, they use these addresses to distribute spam, malware or phishing e-mails. We collect all the messages we receive on these addresses, analyze them and extract the required data to update our products and keep our users secure and spam free.

Let's assume you just identified a new piece of malware. What do you do with it? How do you find out what it does and how to best disinfect a system?

At least initially we are not that interested in learning what that piece of malware does. We are interested to learn if its behavior is suspicious or not, if it is a virus or not. This allows our products to act and do things such as cut access to the network or place into quarantine that piece of malware.

All the new pieces of malware that are identified get sent automatically to our research lab in Iaşi. The team there takes care of deconstructing the viruses, understanding what they do and updating our definitions database with the appropriate information.

Speaking of the research team, tell us a bit more about them and their work on "hacking" viruses.

Well, they are very specialized team that works in a very closed environment, from all perspectives. For example, we don't want viruses they work on, to get out in the wild or spread into our own network. All of them are security experts skilled in things that vary from encryption to being fluent with multiple programming languages (including Assembly language), knowledge of internet protocols, hacking techniques, etc.

They are in charge of decrypting the code of a virus and updating our definitions databases with the appropriate information. However, before they get to work on creating a definition update on their own, they must go through a lengthy process of training and specialization that takes 9 months. They are not allowed to work with our definition databases on their own until they have gone through all the required training and have proven that they know what they have to do.

Also, we would like to clarify an urban legend, if you would like to call it that way: many believe that the best hackers and virus makers get hired by security companies, including BitDefender. At least when it comes to our company, this is not true. During the hiring process, we filter out all the candidates who have created malware or have done any kind of black-hat hacking.

We prefer to be joined by team members whom we can trust. We want people to join us because they enjoy a great security challenge and do not use their skills and intelligence for selfish purposes. Everyone in our research team can at least create their own virus if not even hack a more complex system. However, they don't do it because they believe it is not the right thing to do and not the correct use of their talents. Also, our company would not tolerate this kind of behavior.

How often do your products look for new definitions on your servers?

Once every 45 to 60 minutes. It is very important for us to have new definitions delivered as soon as possible. Sometimes, if a given situation requires it, we also send push notifications, so that our security products update themselves immediately and don't wait for the scheduled update to take place. We would like to be able to send data as soon as we learn something new. However, that is not feasible from a technical perspective and it would ruin the computing experience of our users. That's why we keep push notifications and updates to a minimum and use them only when it really makes sense.

Do you collaborate with other companies and share knowledge and information about the latest security threats?

Yes, we do. We collaborate with 6 other companies, including our partners to which we licensed our technology, such as F-Secure or G-Data. However, we cannot disclose the names of the other companies.

How much do you invest in the more secondary features, that don't necessarily contribute to enhancing the security of a system? I'm referring to features included mostly in Total Security Suites, such as: Parental Controls, File Backup, File Synchronization, etc.

Obviously, the classic features of a security suite such as antivirus, firewall, antispam, etc are the main focus of our team's work and receive most of our company's development resources. However, we do have dedicated teams for each of the secondary features we offer in our products and they are staffed as needed, depending on the amount of work required to maintain these modules. You can imagine that we don't need as many people working on Parental Controls as on the antivirus protection engine.

BitDefender has a classic line-up of products: BitDefender Antivirus, Internet Security Suite, Total Security Suite and Sphere, which offers a license for up to 3 users that can use the top security suite you provide, on any platform you support, on an unlimited number of devices. Which of these concepts is most popular with your users? Do they prefer the added features of a Total Security suite or the more classic security products?

BitDefender Internet Security Suite is definitely our most popular product. There are people who enjoy the added features of a Total Security Suite but they are in minority. However, we've been pleasantly surprised by the success and positive feedback we received for our new BitDefender Sphere product. It seems many people enjoy having a unified security solution that can protect their PCs, Macs and Android-based Smartphones or Tablets. They very much enjoy the flexibility of purchasing just one more affordable license to protect all the computing devices in their homes.

Last but not least, let's talk a bit about Windows 8 and its new Metro interface. Do you plan to offer security solutions designed for the new touch interface? Will you provide separate security products for Windows 8 tablets?

We are definitely working on providing some exciting products for Windows 8 and the new Metro interface. The challenge with Metro is that applications run with restrictions and limited permissions. They don't have full access to the system as Desktop applications do. Therefore we need to find ways to get around that and provide effective protection.

Unfortunately though, we are not at liberty to discuss more specifics about our plans with security products for Windows 8. We will be able to provide more information closer to Windows 8 being finalized and made available.

Conclusion

As you can see from this discussion, developing a good security solution is no easy task. It involves lots of work, knowledge of different aspects of computing, networking and security. We hope you found this conversation interesting and useful in learning more about the whole process involved.

Before we close this article, we would like to thank BitDefender for sending us this invitation and giving us the opportunity to have a very interesting conversation with some of their best specialists.

Related posts

• Windows 11 stinker: 7 grunde til, hvorfor du måske ikke kan lide det -

• Hvad er fejlsikret tilstand? -

• Om InPrivate og Incognito. Hvad er privat browsing? Hvilken browser er den bedste?

• Opdatering til Windows 10 maj 2021: Hvad er nyt og fjernet? -

• 13 bedste ting ved Windows 10

• Sådan inficerer du din Windows-pc, mens du surfer på nettet efter gratis ting

• 12+ grunde til, hvorfor du bør få Windows 10 April 2018 Update

• Sådan fortæller du, hvad Windows jeg har (11 måder) -

• Proxy vs. VPN: Hvornår skal man bruge en proxyserver, og hvornår skal man bruge en VPN? -

• Priser: Årets bedste antivirusprodukt 2018

• Hvad er nyt i Windows 10 November 2019 Update?

• Analyse: Hurtige desktop app-installationer ødelægger computerens ydeevne!

• Sådan starter du Windows 10 i fejlsikret tilstand med netværk

• Se din Google-annonceprofil, og hvad Googles annoncering ved om dig

• Priser - Det mest innovative antivirusprodukt i 2017

• Inden du installerer Windows 10 S, skal du overveje disse vigtige problemer

• Lær, hvad dine Android-apps ved om dig, ved hjælp af Bitdefender Clueful

• Priser - Årets bedste antivirusprodukt 2017

• Hvad er Windows 10 Creators Update, og hvorfor skal du installere det?

• Sammenligning: Hvilken er den bedste antivirus til Windows-enheder i 2018?