http://www.eweek.com/article2/0,1895,2074772,00.asp
By Ryan Naraine
December 19, 2006
MOSCOW - Clickety, clack. Clickety, clack. The rhythmic sounds of
fingers tapping away at keyboards are coming from Eugene Kaspersky's
"woodpeckers," who make up a virus-hunting crew responsible for tracking
computer threats in real time and who work around the clock to write and
ship virus definition updates to millions of computer users.
This is Kaspersky Lab's secret sauce, the ability to ship anti-virus
signatures every hour on the hour, seven days a week, 365 days a year.
"We're losing this game with computer criminals. There are just too many
criminals active on the Internet underground, in China, in Latin
America, right here in Russia. We have to work all day and all night
just to keep up," Kaspersky said in an interview with eWEEK during an
international press tour of his company's headquarters.
Kaspersky, a talkative man who founded the company in 1997 and managed
its expansion into markets in the United States, Europe and Asia, is
banking heavily on quick response time and added layers of protection to
help this 700-employee outfit survive the entrance of Microsoft, and an
aggressive push by bigger incumbents, into its bread-and-butter business.
He dismissed talk that security improvements in Windows Vista will make
anti-virus software redundant, but was willing to concede that malicious
hackers have defeated the stand-alone, signature-based approach to
protection.
Security analysts are already writing eulogies for stand-alone,
signature-based anti-virus, arguing that the industry will be forced to
roll out converged security clients, offering multiple capabilities
including anti-spyware, personal firewall, end-point policy enforcement
and intrusion prevention as the foundation.
"We're already there," Kaspersky declared, when confronted with the dire
predictions. "There are no stand-alone anti-virus products anymore. It's
now anti-everything. You have to do things like behavior blocking and
heuristic detections and add anti-spam, anti-spyware and anti-rootkit
capabilities or your software won't be any good."
Add data leak prevention and patch and configuration management into a
single console and this is your new enterprise anti-virus product.
"You need information backup, you need parental controls, you need
anti-phishing. It's a different world today. 10 years ago, we were
fighting against smart kids who hacked as a hobby. Now, we're dealing
with criminal gangs that control your computer to make money. Different
world, different protections," Kaspersky said.
During the press tour in Moscow, Kaspersky was bombarded with questions
about Microsoft's emergence as a legitimate security vendor, with Windows
OneCare for consumers and the Forefront line of products for the
enterprise, but there was no visible sign of fear among the company's
employees.
"What do you expect us to do? Just throw up our hands and say we should
shut down because Microsoft is a competitor?" asked Natalya Kaspersky,
the company's chief executive. "We can't sit back and be afraid. We have
to work harder and get better at what we do. Everything else will take
care of itself."
Jon Oltsik, a senior analyst with Enterprise Strategy Group, said he
believes the security improvements in Windows Vista and Microsoft's
aggressive approach to selling its security software, directly and via
the channel, will definitely affect smaller players like Kaspersky Lab.
However, in a discussion with eWEEK he stressed that the Big
Three (Symantec, McAfee and Trend Micro) will feel it even more.
"I don't think these guys [Kaspersky Lab] should be underestimating
Microsoft," Oltsik said, pointing out that Microsoft has pushed into the
market through smart acquisitions of Sybari for anti-virus and Giant
Company for anti-spyware protection. Sybari has undergone a major
makeover and been rebranded as Forefront, and Giant's technology is now
powering the Windows Defender software.
Interestingly, Microsoft resells Kaspersky's anti-virus scanner to
enterprise customers as part of Forefront's multiscanner strategy. The
Kaspersky anti-virus kernel is also integrated into products sold by a
range of IT vendors, including Aladdin Knowledge Systems, Nokia ICG,
F-Secure, G Data Software, Deerfield.com, Alt-N Technologies, MicroWorld
Technologies and BorderWare Technologies.
This puts the company in the unique position of competing against its
OEM partners. As a differentiator, Kaspersky said the company is
shipping a brand-new Version 6.0 engine in its own product suite and is
licensing the 5.0 version to partners.
According to research statistics from Gartner, the global market for
computer security protection could top $10 billion in 2007, making it a
lucrative target even for a company the size of Microsoft.
Natalya Kaspersky, who keeps a close watch on the company's
day-to-day operations in the United States, United Kingdom, France,
Germany, the Netherlands, Poland, Japan and China, shrugged aside
questions about Microsoft and painted a picture of a company on the
rise, building out new technologies and pushing into new markets.
One such rollout is InfoWatch, a separate subsidiary that offers a
multilayered approach to data leak detection and prevention. Founded in
2003 and launched primarily in the Russian market, InfoWatch provides
monitoring software for e-mail, Internet and Web usage, mail storage and
mobile devices.
The company is positioning InfoWatch as a way to help businesses manage
compliance requirements and track internal data theft, even from mobile
devices.
Nikolai Grebennikov, deputy director in Kaspersky's department of
innovative technologies, said the new Kaspersky Internet Security 6.0
software will hold its own against the competition. "We have the best
virus detection rates and the fastest response time to new threats. We
do hourly updates and support more than 1,200 formats of archives and
compressed files," he said.
Grebennikov said the company has worked hard on improving scan speeds
and system loads by scanning new and modified files only, caching data
from previous scans and suspending scanning in case of increased user
activity.
The new security suite has also been fitted with a new system for
anti-virus scanning of compound objects, optimizing system performance.
This helps to address a longstanding complaint that anti-virus software
with multiple executables eating away at system resources is an
impediment to proper computer usage.
Another improvement, Grebennikov said, is the addition of rootkit
detection and removal to the software. He said new proactive detection
technology will block hidden objects such as stealth rootkits, keystroke
loggers, buffer overflow attacks, data execution attacks and backdoors
that turn infected machines into zombies in botnets.
"These integrated threats are the scariest. Any time you find malware
that's using rootkit techniques to hide, you have to get really nervous.
Some of these threats are very, very sophisticated," Grebennikov said.
Eugene Kaspersky said he sees the enemy as being the sophisticated
malware writer who is very familiar with the way anti-virus software
works. "They know about anti-virus technologies and they're developing
new ways to bypass the protection software. Sometimes, when I look at
the volume of threats we are detecting, I think we are losing this
cat-and-mouse game," he said.
That's why Kaspersky Lab has invested heavily in full-time
"woodpeckers," clickety-clacking 24 hours a day, seven days a week.