Even the most superficial discussion about cyber-crime involves learning an almost entirely new language. You quickly hear stories of zombies, Trojans and polymorphic worms, moving swiftly on to phishing, botnets and – my personal favourite – drive-by pharming. It’s like some bizarre new genre of fiction which draws its inspiration from a combination of Tolkein, HG Wells and 50 Cent.
To illustrate, the following passage is a quote from David Emm, senior technology consultant at security software company Kaspersky Lab, given in response to a question about the recent evolution of the security software market.
“The number of Trojans in 2006 far outweighed the number of worms – new families of Trojans and variants accounted for 90 per cent of all new malware last year. This is attributable to the fact they are relatively easy to write and can be used to steal information, create botnets and execute mass spam mailings,” he says.
This fantastic lexicon can be both a help and a hindrance to PC retailers. Used properly it can instil such a sense of paralysing fear and vulnerability in the previously naïve and innocent consumer that they will be begging you to sell them every variety of security software, regardless of cost. Apply it clumsily, however, and your customer’s eyes will start to glaze over as they begin to view you with the pity usually reserved for delegates at a science fiction convention.
To further complicate matters, the cyber-crime landscape is in a state of constant and rapid evolution. Five years ago we would’ve been talking about viruses and the signatures produced by anti-virus companies to combat them, now that is just a small piece of the puzzle. Furthermore, the reasons for the existence of malicious software (malware) were different, as Lee Sharrocks, Symantec’s UK consumer sales director explains. “The change in the last few years has been from ‘hackers’ to malware/crimeware used by organised criminals to steal sensitive information.”
The emergence of professional criminals has brought about a massive surge in the diversity and complexity of malware and the security software industry has had to keep up.
“Most people still think AV (anti-virus) is just a signature based thing,” says Larry Bridwell, global security strategist at Grisoft – makers of AVG. “Now definitions look at more than just pieces of code but its behaviour.”
This behaviour based detection is the speciality of Sana Security. “We look at what the software does, not what it is,” says VP of sales and marketing, Tim Eades. “Malware needs to be able to do certain things before it can do what it’s designed for and it’s this behaviour that we detect.”
“A new piece of malware emerges every three minutes,” he adds. “AV is just not enough to cope with such high volumes of malware as it works on the basis that for every piece of malicious code, a single signature is required in response. This could mean that in any 24-hour period, 480 pieces of malware are on the prowl for our identities, and in retaliation, AV vendors, would have to update 3,360 new signatures every week.”
This type of detection could well be increasingly important as threats continue to evolve. Emm adds: “Individually targeted attacks, such as ‘ransomware’, first seen in 2006, where personal data is encrypted on a personal PC and money exhorted from the victim to ensure the safe return of that data, will increase. We’ll also see more attacks against newer technologies – malware targeting mobile phones (particularly with wider adoption of smartphones), IM and Macs – as well as malicious code being developed for consoles.”
This proliferation has led to an overwhelming swing in consumer taste in favour of security suites as opposed to the separate components such as AV, firewalls, etc. Sana appears to be unique in that it works in parallel with a traditional security suite, but the incumbents are also claiming a behaviour based element to their own products. Having already made that claim on behalf of AVG, Bridwell is quick to concede that there are a lot of good products out there. “All AV companies have good software, so defence in depth is the only way.”
The size of the market has also lead to intense competition, with the incumbents having to raise their game to fight off new entrants. One relatively new company, which had experienced strong growth in market share in the past few years, is Bullguard. Paul Leaman, UK sales director, thinks prices of security software are dropping.
“The consumer security market has become even more competitive in recent months with the entry of Microsoft’s OneCare product,” he says. “The Microsoft RRP launch price of £34.99 is already being discounted, so the days of consumers having to pay up to £50 for security are a thing of the past.”
In principle, this creates the ideal sales environment for the smaller retailer/reseller: an increasingly complex landscape with an ever growing choice of products to service it. The canny businessman will be the one who renders himself invaluable to his customers through his expertise, support and guidance.