Speak no evil
According to a UN report the Internet will have almost 3 billion users by the end of the year.
I doubt that this number will ever shrink or go away. But what an incredible number that nobody could have predicted in those long gone days when PCs were extremely expensive and running under DOS. All that was the new world about 25 years ago. Those were the days when one had to type commands in to extract a response from the computer. Windows was still many years away.
To get anywhere near programming or fault finding, for or in a PC, one had to learn the mysteries of machine code. That was quite a task and the world’s greatest guru was Peter Norton. In those days everybody owned a copy of his book called by his name. My copy still sits on my book shelf. Many years later the same Peter Norton sold his programs to Symantec who we all recognise as a serious provider of anti virus and system software. At least that was so some fifteen years ago.
An article in The Wall Street Journal this month quoted executives from anti virus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.
Regrettably as the number of competitors in the AV industry increased Symantec’s reputation was relegated to bloat ware. It came preloaded on almost every PC one bought and was nigh impossible to uninstall without special tools. To make matters worse it also became a major cause of system slowdowns. The start of the decline was the perception that the commercial future lay in virus and malware detection and everybody got onto that bandwagon.
It therefore came as no surprise when Symantec recently announced that it was changing its focus and would no longer concentrate on the AV side of development.
The catalyst was quite simple. As the AV industry became smarter so did the bad guys; they responded with their own innovations. What they came up with is known as the “crypting” service, a service that has spawned an entire industry that is arguably one of the most bustling and lucrative in the cyber crime underground today.
Put simply, a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process until the malware is found to be completely undetectable by all of the anti virus tools on the market.
Incidentally, the bad guys call this state “fully un-detectable,” or FUD for short, more commonly known in the security industry as “fear, uncertainty and doubt”.
But there is a far more deciding ingredient in the mix these days. I have covered stories of the many huge data bases that have been hacked and it does not take too much imagination to realise that more money is to be made out of those efforts than attacking home or small business computers. Similarly, the focus has also changed to mobile devices rather than desktops. Again the reasoning is simple. They will be the most prolific devices in use and used for almost all imaginable purposes. The weaknesses that permit successful hacking are not necessarily the underlying operating systems but rather the myriad of apps that give the phones and tablets their array of talents.
The direction solutions will take is still somewhat muddy. The majority of the mobile devices in use are smart phones. No prizes for guessing that. But these phones have one frustration built in and that is the input device. I don’t know how you fare but my fingers are just too fat to fluently manipulate even the cleverest onscreen keyboards. The obvious direction is to have everything activated and controlled by voice recognition. In other words, speak to it and have whatever you say happen as you would wish.
Again this is nothing new as both main contenders, Apple and Android, have their voice driven “assistants” up and running. They are still in their infancy but are being driven to allow all tasks to be responsive to simple speech directives. The future will have us able to speak naturally and be recognised by all apps requiring an input from us.
Google is currently changing their web algorithms with much of this in mind. The problem yet to be solved is when two sentences form part of the same thread in a question. We could say “where is Nemo” and the system would readily respond correctly. However, if in the same breath we follow that with “and what colour are his stripes?” the existing systems would be defeated. You and I understand that the second question still refers to Nemo but as yet this is not handled very well at all in voice recognitions logic. Nor is it handled well on web searches, hence the algorithm changes at Google.
And this is where our circle has almost fully turned. If we rely on speech what will the next virus look like and how will we be able to protect ourselves? Our web pages, SMS messages and emails will all speak to us. So how will we prevent our devices from responding to malware statements such as “send banking data to the bad guys” or “kill this phone”? You get the idea.
So is anti virus software dead? I would say most definitely not!
Indeed it will have to acquire a new and sophisticated garb. While there is money to be made in cyber crime the bad guys will continue to do their utmost to get hold of our assets, be they big or small. And that is incentive enough to have the crime fighting arm of the industry continue.
