Kaspersky’s antivirus defence

Russia is frequently regarded as the source of the problem rather than the solution when it comes to Internet-related crime. But Moscow-based Kaspersky Labs is out to challenge that stereotype: its management is aiming to make it the first-choice antivirus (AV) vendor for large businesses.

As stereotypes go, its Soviet-era tower block headquarters do little to break the mould. Similarly, its team of ‘woodpeckers’ – experts who peck away at the 5,000 instances of malicious code it is sent daily – fit the image of the Russian computer geek. Gawky, male, barely out of their teens, they fit perfectly the infamous image of ‘script kiddies’.

Indeed, the company founder, Eugene Kaspersky, admits that ensuring his employees remain on the right side of the battle between virus writers and security companies is not easy to police. His solution may unsettle as much as it calms: “I just watch their eyes to separate the good from the bad.”

But Kaspersky has some impressive results to bolster its credentials. It was the first to warn about the Sony “rootkit” installed by some of its music CDs on users’ PCs; the Windows media file exploit, which it reported had arisen after being sold on cybercrime sites; and the first Trojan for Java mobile phones, RedBrowser, which sends text messages to a premium-rate number.

Such speed has helped the privately-held Kaspersky to boast of rapid growth – it claims to have grown 75% in its last fiscal year. While those figures are not made public, they come against a background of a growing industry: Market watcher Frost & Sullivan forecasts that the antivirus market will grow from $3.27 billion in 2005 to $7.49 billion in 2012, as more targeted and dangerous attacks drive investment.

“I just watch the woodpeckers’ eyes to separate the good from the bad.”

Eugene Kaspersky, Kaspersky Labs

There are, however, potential problems that could stifle Kaspersky’s future growth. Significantly, some critics argue that Kaspersky’s approach – that of providing protection based on an audit of code against a known signature – is too reactive, and therefore incapable of dealing with the ‘zero day’ attacks that exploit weaknesses in programs before a patch can be released.

Kaspersky defends traditional AV, as the alternative – behavioural monitoring – tends to produce too many false-positive results. Signature-based scanning’s strong point is that “it does detect 100% of what it is able to detect. We do all this stuff but the most important is signature-based – the rest is a good addition.”

However, the idea that complementing traditional AV software with other security products represents a ‘good addition’ may be putting the cart before the horse, warns Ovum analyst Graham Titterington.

“Antivirus is getting commoditised and many people are thinking that the differences between the vendors no longer make it worth chasing after the best vendor,” he explains.

There are signs that Kaspersky recognises this. Its subsidiary company, InfoWatch, is expected to launch in the UK by the end of 2006. Its technology is already being used by major Russian mobile operators and government agencies to screen emails and web traffic sent by employees within the organisation for sensitive information based on keywords. This will give Kaspersky a really important ‘added extra’ – that of being able to tackle internal threats to the business – and could help Kaspersky to raise its profile in the enterprise.


Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...
