ESET Press Center
Why Patching And a Reliable Anti-Threat Security Solution Are Both Needed For Maximum Protection
Complete Transcript of Interview – Randy Abrams - ESET
Let’s Talk Computers Radio Talk Show
Host Alan Ashendorf
August 29, 2009
Alan: Today on Let’s Talk Computers we are going to be talking about why it’s so important to have the latest security patches for your operating system, as well as have a good, reliable anti-threat security solution in place in order to provide the maximum protection against new malware threats.
Our guest today is Randy Abrams, Director of Technical Education with ESET. Welcome back to Let’s Talk Computers, Randy.
Randy: Thanks, Alan. It’s good to be back.
Alan: Well, Randy, we have always heard from Microsoft that in order to have maximum protection against any kind of malware threats, we should always have auto-update turned on and let Microsoft decide when we need to update our system.
But, you also hear all over the Internet and in a lot of forums, that we should turn automatic updates off and only update when we feel the need to update and then do it manually.
Because, if something breaks by one of the automatic patches, we are going to be the ones that are going to have to fix that problem. Which is better?
Randy: Well, it really depends on what kind of user you are. If you are very technically savvy, then it becomes a choice of really knowing what’s on your system and what might break if there’s a patch. It’s pretty rare that it breaks anything, anymore.
In some cases, we are the ones that have to fix it. For a lot of computer users, they don’t know when things need to be patched. They don’t know how to patch them. They don’t know how to fix things, themselves. And definitely for this class of user, it is far, far better to keep automatic updates (your automatic patching) enabled.
Alan: We have the Microsoft automatic patching, where you really need to update all of our system files just as soon as possible. That’s a good thing, isn’t it?
Randy: It is. Applications, when there is a vulnerability found, the bad guys are going to exploit it as quickly as they can. So, it’s in your best interest to get patched as quickly as you can to prevent your computer from getting infected.
Alan: But, there are times where I turn off Microsoft automatic updating and it still updates. What’s going on there?
Randy: Typically, it’s going to be a bug. In some cases, to put it politely, less-than respectful managers at Microsoft have made bonehead decisions, but typically it’s a bug in the implementation that should stay off when you tell it to turn off.
Alan: I agree with you, as far as the operating system, because the operating system is the kernel of our computing system and if it’s not up-to-date, then a lot of things can go wrong.
Because, any Windows program that is out there, is going to write the Microsoft Operating Systems’ standard and if it’s not the latest and greatest on your system, they could have problems.
Randy: It’s not just the operating system, anymore. Because the bad guys understand that Microsoft has gotten very good about pushing out patches – sometimes even when you don’t want to get patched. But, Microsoft has gotten really good at that.
Nowadays, the bad guys are going after the third-party applications, because they know people are less likely to have them patched.
When you’re running as an Administrator on your computer, if the bad guys can attack you through a third-party application it’s just like they’re giving the Administrator privileges. So, they can compromise the whole operating system…
Alan: There are so many third-party applications that are written to work on Microsoft, that it’s just constantly juggling to figure out what works; what doesn’t work – and as you say, “The bad guys know more about how these things work than the people who are using the applications do.”
Randy: It has gotten to be pretty difficult to know what all you have on your computer – what needs to be patched and what is out-of-date.
And so for that reason, I actually recommend that home users use a free scan from Secunia and that will go through hundreds, if not thousands of applications and tell you if you need to patch them.
Alan: Where can we find that?
Randy: http://www.secunia.com. Now, they have a commercial offering for businesses, but they also have a free scan for home users. It’s a very good way to find out if you’ve got all of your applications up-to-date. And I think it’s pretty safe to say most people don’t.
Alan: There are usually three ways that we can have Microsoft Updates work. One is we turn it completely off and hope that it stays off.
The other one is that it will notify me when there are any kinds of updates that need to be put on my system and then I go out to the Website and see what’s there.
And the third way, of course, is just turn it on as “automatic.” Which works the best?
Randy: Well, actually, there’s another way that is a hybrid that I like best. That is it will automatically download the updates when there’s an update available. And then it will prompt you to install.
And the reason I like that method is because, yes, I know I need to have the updates, but if you let it install, automatically, without fail it will install in the middle of the night and you haven’t backed things up and it will reboot your computer and you will lose the document you are working on.
So, I get notified when there’s a new update and if I’ve downloaded it, so when I say, “Install” it’s all ready to go and it installs, so it doesn’t reboot, unexpectedly on me.
Alan: I’m with you. I don’t like something that’s going to say, “Now, we’re going to reboot the computer,” and now you have 30 seconds or 60 seconds to decide and you may not be sitting there at your computer and the next thing you know, your Word document or you could be right in the middle of your spreadsheet or a database or anything – and it is gone, now, right?
Randy: It is. And it’s a really, really good idea to back up anyway, because if you’re in the position where a reboot can destroy your data, then you’re in the position where any kind of hardware or power outage can do the same thing.
Alan: When you go to the Microsoft Update site if there are critical updates; there are security updates; there are the application updates; and then there are the hardware updates. The ones that are critical, I always update. The ones that are security then I look at them and in most cases, I update them, also.
But, the ones for the application and definitely, the ones for the hardware, I kind of take a “wait and see” to see what other people are going to be saying on that on all the forums, because the last thing you want to do is update one of the hardware patches that Microsoft thinks that you need for your operating system and now nothing works!
Randy: Well, in all fairness, it’s not necessarily that, “Microsoft thinks that you need this patch”; it can very well be that the hardware vendor believes you need this patch. Yes, if “It ain’t broke,” you know sometimes it’s best not to fix it.
You know, that “wait and see” attitude is really good for things like emails from friends, that say, “check out this site,” because there’s so many times that emails are spoofed and if you just wait a little bit, that site will be down and even if you fall for it and click on something that you shouldn’t have, it will be late enough that people got the bad stuff away and you are no longer in danger. So, the wait and see can be a very, very good strategy.
Alan: Yes, the old advice that you get from your Dutch uncle, “Always sleep on something before you buy it; before you do it,” because the impulse to “Click on something,” or “Buy something - right now,” like you are watching a TV show and you see this great infomercial and you have to have it. Then you pick up the phone and then you wish you really hadn’t done that the next day. But, you have already bought it and it’s on its way.
Randy: Yes, and, “This is a funny video and you’ve got to see it.” Give it a few days; if it’s that funny, it will be around for a long time.
Alan: Yes, sometimes when you click on these videos that you have to see, that is making the circuit, the first thing that pops up is, “In order to see this video,” you have to download this codec. And of course, you want to see this video because your friend just told you that you really need to see this video and so what’s the first thing you do? Yep, you download this codec and now you’ve really turned your computer into almost mush, haven’t you?
Randy: Yes; because you almost never need a codec. And if you do, it isn’t from the site that is serving it up to you. I’ve known really smart people that have fallen for that ploy because they just weren’t educated about computer security.
Alan: And then you have the things like the “Flash Announcement,” that you have to update your flash player that’s on your machine. Then you are going, “Well, it is updated.” Well, I guess I need to update it because they have a new one that I haven’t known about. So, I click here. The next thing you know, it’s not Flash that got updated, was it?
Randy: It’s not Flash. That’s another trick, is that if it says, “You need to update,” go ahead and run a security scan and see if you really need to update or if it’s a trick.
Alan: If you need to update something like Adobe or any of the other programs that are out there, the best thing that you can do is go to the site that owns the software. Go to Adobe and see what’s going on.
Randy: Exactly. It’s always the best practice to get your software from the original developer or vendor.
Alan: But, this is where ESET really comes in, because ESET catches all these things, doesn’t it?
Randy: We do our best. Nobody catches 100%, but we work really hard to catch virtually everything.
Alan: Yes, because any time you go onto the Internet you must have a firewall. You must have anti-threat software, anti-virus software, and of course you need to be protected from anything that’s in one of these emails that is telling you to go out to the Web. And you have all of this built into one package so that we know it plays nice.
Randy: ESET Smart Security Solutions is a very tightly integrated security solution. Instead of going out and buying a whole bunch of different technologies and bolting them together like a Frankenstein monster, Smart Security was designed from the ground-up. All of the modules were designed to work in conjunction with each other.
And so a firewall can talk to the anti-threat engine and pass it data that we can use to create better rules. And that helps improve the heuristic detection and decrease false-positives, as well.
Alan: Yes, because if you have your firewall from brand-A and your anti-threat from brand-B, your virus scanner from brand-C, they really don’t know about each other. And that really is wasting a lot of good opportunity, isn’t it?
Randy: It certainly is. Information sharing has long been recognized as extremely valuable. Designing these modules, the firewall, with the anti-threat engine, and the communications between the anti-spam engines, as well - to talk to each other; to share information.
Our programmers are able to make a lot smarter rules and do a lot more with the technologies than just simply have it there, working independently.
Alan: It also cuts down on overhead, all the CPU timing that we have to use up in the computer, because that is very precious. And if each of these programs is basically doing the same thing, opening a file; looking inside of it and seeing what’s going on – it’s also writing to the disk as a temporary file, then opening it up and looking at it. All of that takes time. And if we only have to do that once, we are ahead of the game.
Randy: Absolutely! From a very early stage, one of the big priorities for ESET was that not only were we going to have the highest possible detection, but we are going to do this as quickly as possible.
And so, when everyone else was using higher level of programming languages, ESET was still programming in Assembly Language, which gave us a speed boost.
And there are a lot of different tricks when you write algorithms, which are just different types of programs very elegantly; you can have an amazing speed boost. It’s not just opening up a file once, but it’s opening that once and being as efficient as you possibly can with it.
Alan: Every programmer knows the difference by writing a program, saying, “Hello World.” If you write it in Assembler, you are looking at about 15 bytes; if you are writing in your low-level, like ‘C’, you are talking about maybe 1,000 to 2,000 bytes. If you write it some of these higher-level languages, you can get up into the millions of bytes, can’t you?
Randy: Yes, but it’s not just the number of bytes. The other issue is that the compiler is what changes the high-level language, eventually into machine code, might not do it in the most optimal manner. Someone programming in Assembly can choose the very best and quickest method for getting the job done.
The compiler has to kind of be a general-purpose tool. And so, it will do something that works; but it might not be the most efficient and oftentimes is not the most efficient.
Alan: When you’re talking about an anti-threat engine or an anti-virus engine, this has to hook so low into the operating system to be totally functional to protect us. And if it’s not efficient, it ends up owning the whole machine and slowing everything down to a crawl, doesn’t it?
Randy: If it is not efficient because the scanning – every time you access a file pretty much – and you’d be surprised at how frequently that is – is going to have a major performance impact. Often times, people switching from another anti-virus solution to ESET notice a significant speed increase in their computers.
Alan: If somebody would like to find more information about award-winning ESET NOD32 and your ESET Smart Security, with a firewall, where would they go?
Randy: They can come to http://www.eset.com .
Alan: Well, Randy, we have run out of time. I look forward to continuing this conversation where we will be digging deeper into what ESET heuristics is all about and how it differs from other companies saying, they “now have behavior-blocking software,” next time.
Randy: I look forward to being back. Thanks again, Alan.

