Sophos shows business priority

Jan Hruska, the CEO of Sophos, recently visited Abu Dhabi to mark the vendor’s official regional launch with its partner Al Adeeb IT. Network Middle East met with him and learned about his hopes for the region as well as his attitudes to virus writers, internet bank robberies and Microsoft.

By Simon Duddy. Published April 24, 2005

Network Middle East: Sophos is a latecomer to the Middle East. Have you left it too late to attack the market?

Jan Hruska: The company has been in existence since 1985, and we have expanded in parts of the world, some more than others, in the same way as others have done. We haven’t had much presence in the Middle East but it doesn’t mean now is not the right time to do it. We fight our competitors successfully elsewhere and we will go for the same thing here.

NME: You have signed a deal with Al Adeeb IT. What do both companies stand to gain from the relationship and what are your expectations from the partnership?

JH: We have been co-operating with Al Adeeb IT’s associate company in the UK for some time, so trust has been built over the years. This has allowed us to leapfrog the ‘getting to know each other’ phase that two businesses naturally go through when they start to work together. That has been extremely good on both sides. We have had good indications that the market is here, we have world class products which have done well in other regions. We just need to do exactly the same here.

NME: What is your target customer base?

JH: The sweet spot customer is 50-10,000 users. We have two offerings, the Small Business Edition which is geared towards businesses of up to 100 users and Enterprise Solutions, which is geared to companies with more than 100 PCs. There is no demarcation line in terms of performance, Enterprise Solutions will work well on a single PC and the Small Business Edition will work in larger companies. It is really about configurability and ease of use. Small Business Edition is less configurable and extremely easy to use. Enterprise Solutions is much more configurable but consequently less easy to use.

NME: What are the strengths of Sophos?

JH: The main selling point of Sophos is that we are specifically geared towards business. We do not cater to the home user at all, which gives us great freedom to formulate our product so it is completely designed for business use. Secondly, it allows us to formulate our service so it is geared towards the business user. Service is like an emergency room in a hospital — you don’t need it often but when you need it you need it quickly. It’s the same with computer viruses, in that you need an immediate response. If you are servicing home users as well as businesses, you have millions of users who need a fast response. We have tens of thousands of companies, so we can offer a speedier service.

NME: A recent massive bank robbery was attempted over the internet when thieves planned to steal hundreds of millions of dollars from a London branch of Japan’s Sumitomo Mitsui bank. What techniques did the hackers use, how were they foiled and how close were they to succeeding?

JH: They used keylogging, which has been around for years. They tried to get access to the passwords that are used to access the money transfer systems in the bank. They then planned to remotely access these computers and do unauthorised transfers. They didn’t succeed, as they were monitored by the Computer Crime Unit of the UK police and were intercepted. Police were aware of the activities of the gang for at least a year. It wouldn’t surprise me if the police were actively monitoring their activities to see what the modern day criminal is capable of.

NME: You’ve gone on record as saying that you won’t hire virus-writers. Why?

JH: Still holds. The effort necessary to write viruses is completely different from the talent needed to reverse engineer viruses. That is the basic problem from a technical point of view. I have a much bigger problem from the moral point of view. When you grow up, you make a decision, you are either a bank robber or a policeman, you can’t be a bank robber turned policeman.

NME: There has been hype lately about multiple entry point viruses. What are they, what danger do they represent and how are they stopped?

JH: Multiple entry point viruses don’t follow the traditional path of execution. A standard virus that attaches itself to an executable simply modifies the execution flow, which means if you are looking for a virus, you follow the execution flow. But with multiple entry point viruses they have more than one execution flow path. They are more difficult to find because now you have to scan maybe several execution flow paths. Another problem is that it might not plant itself at the very beginning of the execution flow but try to follow the execution flow and then implant itself.

But the time taken by the viruses to follow the execution path is quite long computationally and this decreases the speed at which the virus can spread. For the virus writers, they have to balance between infection rates and hiding the virus.

To address it, we adapt the virus engine to follow the execution flow and use other techniques for intelligent virus detection. But while tackling viruses in a brutal way, by scanning every executable, is possible, it is a last resort as it will slow the network. So we have to make sure the shortcuts discover viruses.

NME: Do you see a greater tendency towards criminal activities among hackers and virus writers?

JH: We are seeing convergence between virus writers and spammers. Virus writers were not originally doing it for monetary gain, presumably it was for fun but the advent of spam, which is big business and carries a lot of monetary rewards, has changed this. What spammers need is compromised machines and what virus writers can provide is virus code, which compromises the machines. Put two and two together and suddenly virus writers could be financed for their work, which must have been a shock for them.

NME: Do you foresee a time when operating system (OS) developers will integrate security features into their software thus making dedicated security software redundant?

JH: We already have plenty of security features in operating systems. Gone are the days of MS-DOS where there were no security features.

NME: What if Microsoft was to build antivirus and antispam tools into its next OS? Would that be a threat to your business?

JH: It wouldn’t be the first time that Microsoft has tried to build antivirus into its OS. With DOS 5, I think, they built in Central Point antivirus, and it lasted six months before it became a joke. They tried it with the service pack of Windows 98 when they bundled McAfee with it, and they soon found out that it is not a business model that they are good at servicing. Undoubtedly, they will try it again in the future, most likely with consumer antivirus.

They have already done it with anti-spyware, by buying Giant Company Software and they will probably bundle that product with an OS. Also, Microsoft has already bundled a firewall into Windows XP. It’s by no means the end of the firewall companies.

Add to that its recent acquisition of Sybari software, which has very good gateway antivirus products and they are obviously very aware of the market. They are also aware that the market expects them to react, so they are putting the blocks together.

NME: Do you think Microsoft can do it fast enough to get ahead of the security companies?

JH: That is where the business model of security companies, who can react quickly to threats, doesn’t fit with Microsoft’s strengths. You can see that Microsoft, despite its efforts, has not developed its own antivirus engine. It has bought Sybari presumably because it can incorporate several antivirus engines inside the software. It would not surprise me if Microsoft came up with its own engine providing the wrapper into which other antivirus engines can plug in.

NME: But the end user just wants a PC to be safe and doesn’t want to have to work on it or worry. Surely the market is there for an OS that is safe by default?

JH: It’s more complex than that. It’s a bit like saying the car manufacturer has put locks on the car so I’m not going to bother to close the windows. There’s a lot of user intervention needed with PCs and it is wrong to think that a PC can be safe by default. The only PC that is safe by default is one that is switched off. And maybe not even then. As long as you have usability and a PC that can do things, then trying to prevent users from doing dangerous things algorithmically is extremely difficult.
