Antivirus systems need to strike a balance between detecting all possible attacks without causing any false alarms. And while we try to improve on this all the time, there will never be a solution that is 100 percent perfect.
— Mikko Hypponen
I'm a hacker, but I'm the good kind of hackers. And I've never been a criminal.
You can get the best locksmith in the world to design the best lock he can design, is it pick proof? No, it's not: it can be very hard to pick, but it is pickable. Because you can get, say, the next 10 best locksmiths, and give them unlimited money and time, they will figure out a way to pick it.
It's been a bit sad to see that out of Linux distributions, it was Android - the most successful mobile Linux distribution - that has really introduced the malware problem to the Linux world.
One thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I'll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families.
I believe in the freedom of the net, but I don't believe in the freedom of the net at the cost of having these online criminal gangs running completely loose and using the freedom of the net to steal everybody's money and take away the trust we have.
You should have mechanisms of communication, like faxes, which are obviously getting removed from offices because nobody uses them anymore. Faxes are great when e-mail doesn't work. I wouldn't be throwing them away.
Governmental surveillance is not about the government collecting the information you're sharing publicly and willingly; it's about collecting the information you don't think you're sharing at all, such as the online searches you do on search engines... or private emails or text messages... or the location of your mobile phone at any time.
The United States has an unfair advantage, as most of the popular cloud services, search engines, computer and mobile operating systems or web browsers are made by U.S. companies. When the rest of the world uses the net, they are effectively using U.S.-based services, making them a legal target for U.S. intelligence.
Today, in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it.
I see beauty in the future of the Internet, but I'm worried that we might not see that. I'm worried that we are running into problems because of online crime. Online crime is the one thing that might take these things away from us.
It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans.
We want to detect malware, regardless of its source or purpose. Politics don't even enter the discussion, nor should they. Any malware, even targeted, can get out of hand and cause 'collateral damage' to machines that aren't the intended victim.
Anonymous is like an amoeba: it's got too many different operations run by truly different people which might not share a single person with another operation, but they use the same branding - they are part of the Anonymous brand, just like al-Qaida.
It's not publicly known, but antivirus companies co-operate all the time. On the surface, antivirus vendors are direct competitors. And in fact, the competition is fierce on the sales and marketing side. But on the technical side, we're actually very friendly to each other. It seems that everyone knows everyone else.
Nuclear scientists lost their innocence when we used the atom bomb for the very first time. So we could argue computer scientists lost their innocence in 2009 when we started using malware as an offensive attack weapon.
Surveillance changes history. We know this through examples of corrupt presidents like Nixon.
We're risking the future of the net. People are already losing their trust. Once you get burned once - somebody steals your credit card, or makes a purchase on your account - people tend to stay away from online commerce and from trusting online services.
Foreigners like me have no privacy rights whatsoever. Yet we keep using U.S.-based services all the time, making us a legal target for gathering and storing our private information. Other countries do surveillance as well. But nobody has the global visibility that United States does.
It's going to be interesting to watch presidential elections in around 2040, when voters can dig up candidates' teenage angst pics and posts from old social media and discussion forum archives.
U.S. intelligence has the legal right to monitor foreign communications as they go through to U.S. service providers. However, even though something is legal doesn't make it right. I'm not American; I don't really care about what data is being collected about American citizens. I'm worried about us, the foreigners.
In the 1980s, in the communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where text was coming from.
Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to work even if computers fail.
Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren't meant to be discovered. The fact that the malware evaded detection proves how well the attackers did their job.
How many of the 'Fortune' 500 are hacked? 500.
Defending against military-strength malware is a real challenge for the computer security industry. Furthermore, the security industry is not global. It is highly focused in just a handful of countries. The rest of the countries rely on foreign security labs to provide their everyday digital security for them.
There is a difference between the stuff that people put online themselves, like pictures and their trips and flights and meals they've eaten, than the stuff that they don't realize is also going into foreign computers. Like, for example, copies of your emails or every single online search you ever do, 'cause all that is being recorded as well.
It's so cheap to store all data. It's cheaper to keep it than to delete it. And that means people will change their behavior because they know anything they say online can be used against them in the future.
Online crime is practically always international, because they almost always cross traditional national borders.
Laws and regulations are supposed to restrict the kind of surveillance governments do. In fact, the U.S. government is quite restricted in what kind of surveillance they can do on U.S. citizens. The problem is that 96 percent of the planet is not U.S. citizens.
Alternative services would mean that there would be services available to compete with Google, Facebook, Amazon, Dropbox, Skype, etc., and they would be run by companies not based in the U.S.A. The rest of the world has simply failed in being able to compete with them, and we really should be doing better here.
It's high time for a fresh European alternative to enter the market, taking the existing Internet behemoths head on. What the world needs now is a cloud storage service that is not subject to uncontrolled access by intelligence agencies.
I've spent my life defending the Net, and I do feel that if we don't fight online crime, we are running a risk of losing it all.
The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down.