Embrace the Connected World
Just say, "Yes." You have to do it.
Silicon Valley, Seattle, San Diego: Meet David Perry of Trend Micro. He works every day to save your business and a few other important items in your life.
That we live in an increasingly hostile world is self-evident. Though cash has been king throughout the millennia, something quite profound has happened with the advent of computers. Within a few years, our business -- every equation and process that gives order to our day and every relation that defines its history -- has been detailed and stored in a computer and represents 1000s of hours of work.
Your data is so unique, recreating it would be debilitating.
One of the biggest problems in small business today is that we under-estimate the value of that data and we have trouble believing anything can happen to those computers - until it does. And, it will.
Issues that face each of us range from viruses to automated internet attacks to outright theft and natural disasters. The cost of these issues in lost information and lost time sometimes is the business itself. Most of us know we need to take a few steps to secure our data but simply do not know where to start.
This episode of the show is our 1-2-3. Please, have somebody in your business become an expert. If you are a sole proprietor, you'll just have to do it!
David Perry, Global Director of Education
DAVID: Typically the way you see the story laid out in the paper is the viruses become more and more threatening over time as if the virus writers were becoming bigger and bigger geniuses. The truth of the matter is the nature of computing has changed and offered new opportunities to hackers and virus writers and writers of trojans etc. Over the course of time we added networks, we added the Internet, we added the world wide web and we added streaming video. Nowadays we have a giant problem with adware and spyware. What is important to remember is there is nothing unique happening on computers, it is all the same things that happen in society in general. We correspond on computers, there's courtship on computers. People meet and marry, there is commerce on computers--people do business on computers. And, there is fraud and theft and forgery on computers. Just the same as there is in real life.
The computer world is a model of our world and we choose what to put there. As long as there is graffiti on the freeway overpasses, as long as we have the ability in here (points to heart) to do vandalism, and steal etc., those things will be in the computer world. So today it's not just about a single computer, it's about the entire network. These days it's not just networks in businesses but we have networks in our very homes. So if you're a small business and you use a computer, there's some things you have to think about.
HATTIE: What do small business owners need to be thinking about right now?
DAVID: First off, email. Email is the prime offender. The virus du jour. The biggest viruses we see today all travel in via email. Also in email you get spam, you get those things like the Nigerian con job offer. I have a couple of questions. Who buys these pills that add one to three inches to your garden hose? Who is buying the vitamin supplements? Can't they please stop? Can't we just freeze these people out?
There are other portals of entry that I want people to think about. Diskettes still carry in viruses. People with portable computers need to be careful. I carry a laptop and if I plug into your network I could give you a virus. Disgruntled employees could plant a Trojan or a back door. Of course shared files and the various need for patches and up-to-date software. Whenever you are using an operating system and it should be the same one across your enterprise, you should keep the operating systems up to date particularly with regard to the security updates.
HATTIE: I'm working along on a deadline and a pop up comes and says, "Update."
DAVID: Stop and do the update. It may take a minute or two. But think about it. If you get the virus and it can erase the document or shut down your network. The biggest cost of viruses is not buying the anti-virus software, it is going around from computer to computer and restoring the lost data. Gartner proved that to us. That's where 40% of the money goes. It goes to recovery. Preventing the virus can be done for a 10th of the cost.
HATTIE: So why do you think only one-third of small business owners have any kind of protection?
DAVID: It's because they think it is the last thing on their agenda. What we've done at Trend is we've produced a series of purpose-built applications that give the small business owner a couple of components. You need a firewall. You need anti-virus on the desktop, you need anti-virus on the email server and you need anti-virus on the gateway. Well, if you can't get your ISP to provide you clean Internet protection, and nobody is guaranteeing that right now, why can't you just install one package for the whole business? That's what we have engineered. One package. It installs from a single point. It controls from a single point. It uses up less hardware and that's engineering for the small business. It's for 25 seats and below.
The small businesses I know, they are just getting to the point where one person is a specialist on the computers and they all have networks and they've all gone down to the computer store. Here in California we have Fry's. They've all gone down to the computer stores and they buy a hub and a high speed Internet connection or a router. Guess what, that's a network. That causes problems. If you buy your own email server, that gives you problems. If you have your own gateway, your own proxy, your own firewall, the problem up to this point has been how do I get enough people to have one dedicated to the computer? How do you run your business? So you run a web site? Do you take orders? Do you advertise by email?
The problem is the small and medium business has fallen below the threshold of having the wherewithal to pay attention to do all of this. That's what's coming to bear. As we've progressed we've gone to viruses that affect macros that attach to word processing, documents and spreadsheets. That took viruses from a hobbyist problem and made them a corporate problem. We've started seeing server-based viruses. In '93 there were 150 viruses. Today there are 77,000 viruses known in the world. We receive between 300 and 500 new viruses every month. Sometimes 50 in a single day.
There are two categories of viruses. There are viruses in the wild which are viruses that have infected and we have viruses we call zoo viruses. In the wild viruses we find by finding an infected customer or having a spy like a spider or a bot out on the web that grabs a copy and brings it back to us. The zoo viruses are written by kids -- people -- who don't want to be put in prison for writing a virus so they write it and never release it in the wild. Instead they mail it directly to an anti-virus company and say, "Here is my computer virus, I am Kid Dangerous, aren't you afraid of me?" We receive that virus and we say, yes, that's a virus, Kid Dangerous, and we take it and lock it up in the zoo. And the zoo viruses have never infected anybody, ever.
HATTIE: What's with these kids, do you pay them? Is it just a game?
DAVID: It's just a game to them. They are trying to show us how cool they are. And of course, we have to write a detection code for every virus that comes in the door. Every anti-virus company in the world, and there is about 30 of them, it's not just the 3 or 4 you're thinking of. We all have an agreement between us. If we get a new virus, we share it with everyone. This agreement is between the researchers, the academics.
Trend runs the largest virus labs in the world. We have two hundred people doing nothing but examining new viruses. We have a lab in the Philippines, in Cupertino, in Lake Forest, California, in Unterschleissheim, Germany, one in Paris, one in Munich, one in Melbourne, Australia, one in Taipei and one in Tokyo. We are all over the world. So we are able to do what we call follow-the-sun research. So if a virus shows up at 3 am we are actually able to assign a tiger team to it. One person is assigned to getting a name for the virus which is more complicated than it sounds. One is assigned to analyzing the behavior of the virus so we can have an alert and tell people what it does. Another person is asking, how do we detect the virus? Another two people are assigned to how do we repair the virus and they all have roll up times. Everything is done right now.
As soon as a virus is determined to be in the wild and worthy of, let's say, a yellow alert, they wake me up wherever I am because I have to talk to the media. So if you want to know what time a virus is found, find out what time zone I'm in and it's going to be 3 am! Viruses show up 3 am David time. If I'm in London or Australia... (big laugh) At Trend we guarantee our customers a solution in a certain number of minutes! For our enterprise customers we pay cash penalties if we don't have a description within five minutes, if we don't have the first pattern level in 15 minutes and a final pattern level in one hour. There are penalties up to $3,000 per customer per happening and we've never had to pay one. Trend is the fastest company at determining what new viruses are out there. We're very much focused on the cutting edge of that technology. But viruses aren't the whole story.
HATTIE: Do you share your fix with other companies?
DAVID: No. We share a sample of the virus but everybody has to find their own fix.
What is a virus? It is any program that makes copies of itself. That's what a virus is. Whether it's harmful or not. Most of those 77,000 viruses don't do anything but make copies of themselves. So there's really no point to a whole bunch of it. However, there are some big viruses -- the Slammer worm. Are you familiar with the Slammer? All it did was make copies of itself, that's it. It just took up bandwidth because so many copies were traveling through the Internet without malicious code that destroys something.
Trojans are viruses that don't replicate. It's a dirty trick that just sits in one place; usually they have a wrapper like the "Trojan Horse." It'll show up and it's a game or a screen saver or whatever. Someone will run it and the next thing they know is their computer is open to the Internet and the person who wrote that can control them from afar. There are Zombies that are used in denial of service attacks. There is adware and spyware which is growing rapidly as a threat. So you really need protection across a range a spectrum spread of malicious content. It is content security.
And then you need protection against content being stolen from you. If you have a patent, a deal, a list of people's salaries, you don't want your employees mailing their resumes out. So we actually do that. We do that. We enable people to do content screening on email going in and out. Here we are. We live in a world where we've developed a whole lot of elaborate Internet capabilities. I can go on the Internet and listen to a radio station from Perth, Australia. It's interesting. I can go on the Internet and look at my cousin Terresa's vacation photographs. I can go on the Internet and send email to virtually anybody in the modern world. Right? But, along with that comes the threats that are inherent. Easy to use is easy to use. Easy to install is easy to install. Easy to hack is easy to hack and that's the world that we live in today.
There are a lot of steps being taken but I would say that the future of Internet security rests on 4 legs. First, the operating systems and applications we use have to be more secure. I can tell you that the people at Microsoft, the people that make operating systems are paying a lot of attention to this. This is job one today for many people in the computer industry. And the hardware too. Two, you need better security applications. Better anti virus, better firewalls, I can tell you we're all busting our buns out here trying to create that. Three, user education and that's what we're doing right now. You need to know that you need better security in the future. And finally, the rule of law. Just today, the first anti-spam bill hit the US. The laws of the world need to catch up with the Internet. That will take us to a more secure future. Those four legs. Applications and operating systems, better security applications, user education and the rule of law will give us a more secure tomorrow.
The most important thing about your computer environment is not the computer. People used to think that viruses would make smoke and fire come out of the back of the computer, right? Cuz that's what happened on Star Trek. The hardware is the cheapest part of the equation. If I spill a Diet Coke on my laptop and I have to replace it, well, that is easy. And there were a lot of programs on it that I have to reinstall. The software is the second cheapest part of the equation because I just reinstalled them from the same disks that were on the last computer. But, the data that was on that computer was irretrievable. That's what's important. As a business man, you can never get another copy of that tax form or that email or that spread sheet. All of the things, all of the information that you keep on your computer is important. That's why you have a computer is to deal with data. Information is property. And if you're going to protect that information, you better start thinking about it now.
DAVID: Hardware and software has come way down in cost. An IBM XT with software was $8,000. I can remember when the cheapest printers were $500 or $600. Nowadays, you can replace that computer for $1,000. And most computers come with standard applications. But what I need is the data. I need the data so you're going to have to back that up. Make sure you get a backup program going. If you don't have a backup program in your small business, you're asking for trouble. The next thing I would say is, remember it's much easier to replace that hardware than it would ever be to replace the data. So you need to protect the data, not just from being destroyed but from being read or modified by someone from outside your firm.
HATTIE: So if I buy a new computer and new software, that will improve my situation.
DAVID: Yes. In general. In the aggregate, that's true. The new computer will be more secure. The new operating systems will be more secure than they have been in the past.
HATTIE: So if I try to pile on all this new anti-virus protection and firewalls on my 5-year old computer...
DAVID: No, if you use a five-year-old computer, the first thing you have to do is replace it, OK? I worked for years in technical support and there's a typical call that comes in: This computer worked fine for the last five years and I installed yesterday's software...uh oh. Really your computer is going to be good across a certain vintage. Software that came out the same time your computer was built or that came out maybe a year after is good. After that, stop installing stuff. Why patch the roof when it's not raining? You don't want to wait on your computer until it rains. (regarding updating anti virus pop ups)
We update as much as once a day. We're discovering new things all the time. A good guy researcher will discover something and publish it and then after a period of time a bad guy takes that and turns it into a virus. That's where Code Red came from, that's where Blaster came from. That's where Slammer came from. That's where these things are coming from. They're going straight from the good guy research community to the bad guy through the Internet. So when your operating system says it needs to be updated and Windows tells you to update, do the update. The only reason those viruses go out is because the available update was not being used. People thought, let's wait. I don't need to do it until the virus shows up. Well, when the virus shows up, you're hosed. These things don't take months to spread around the world anymore. The Blaster worm spread to 350,000 computers in 10 minutes. This is an amazing thing.
I was a little science kid. I had rocks and chemistry sets and microscopes and stuff like that. Personal computers show up and I'm already twenty something. Civilization is a process. It's been said, too many times. But the Internet is still the wild west. And it's not just Marshal Dillon who is going to come in and fix that. We need street lights and we need the Brinks truck and we need sidewalks and we need the doctor and the lady milliner who lives down on the corner. We need civilization to come to the Internet. That's going to happen or we're going to find something else to do with our time. Since we use computers so much... everybody says we're dependent... but since we enjoy computers so much, they enable us to do so many more things than we could do before, it behooves us to spend some time making sure they're used safely and legally and that we're all protected.
HATTIE: So you're one of the guys with a white hat.
DAVID: Oh, that would be me but I'm not the Marshal, I'm more the kindly old doctor. But that's still a white hat part you know.
DAVID: We're interested in releasing a policy. We want to say, block that port on your firewall. We can say stop receiving email from Belgium, move things to other servers. Get that update from Microsoft. We want to prevent the outbreak in the first place and that's what we want to do. We want to spend less time mopping up and more time preventing.