Interview with Bitdefender's Senior e-Threat Analyst Bogdan Botezatu
Bitdefender seems to be always one step ahead of the industry, passing all independent tests and sporting the highest scores from security researchers. The company won top ratings in AV-TEST, with Best Protection and Best Performance awards, Best Antivirus of 2014 from PC Mag and Editor's Choice 2013 of CNet. Its brand name is #1 Antivirus in the World, so when we got a chance to digitally sit with Bitdefender's Bogdan Botezatu for an interview, we wanted to ask as many of the questions a regular user would want to ask a security specialist of that level as possible.
Bogdan Botezatu, 31, has been a Senior e-Threat Analyst at the company's Romanian headquarters since 2007. He works when Europe sleeps, keeping track of cyber threats that emerge with ever-growing velocity, as well as the state-of-the-art malware developments for mobile platforms and social networks.
Bogdan's Twitter feed is a wellspring of the latest information on newly found exploits and all that nerd stuff security analysts share. He has also published a series of works on Internet security - Securing Wireless Networks, Malware History, The Safe Blogging Guide. He was on the Bitdefender team that gave us Bitdefender USB Immunizer and Bitdefender Removal Tools. Being an eloquent speaker, he represents Bitdefender at various international security conferences on combating cybercrime.
So, if you want some first-hand insight on online security, read on!
Bitdefender has been the #1-ranked AV solution for years now - how do you manage to stay ahead of the competition?
For the past few years, we have invested massively in technologies that could assist malware detection and removal. For instance, we have developed automated malware analysis systems that rely on artificial intelligence (machine learning) to tell clean files from potentially malicious ones. This way, we can accurately process millions of files per day under the supervision of a handful of human technicians.
What are the main challenges in the AV industry you face now?
The sheer amount of malware is one of the issues. Antivirus companies have a limited amount of resources. On the other side though, cyber-criminals are becoming increasingly motivated. Exploit packs and commercial-grade do-it-yourself malware kits have also played a key role in the development of malware ops. For instance, anyone who is willing to spend roughly US $10,000 can buy into an exploit pack and start attacking unwary victims, even if the “hacker” has no programming skills whatsoever.
At the moment, there are roughly 300 million unique pieces of malware and the situation is getting worse: new malware appears at a rate of about 10 million new pieces a month. Keeping up with these is a challenge in itself.
What sources do you rely on for the most up-to-date news on security breaches and threats?
I only read two types of feeds: Twitter posts from other security researchers that I know and follow and security-related mailing lists where fellow researchers in the AV industry post samples, updates and research.
What are the most awesome Bitdefender products so far, in your opinion?
Every product that we develop at Bitdefender has its own wow factor. My personal favorite is the Bitdefender Mobile Security suite, an Android application that acts as antivirus, web filter, privacy advisor and antitheft. Its awesomeness stems from the fact that it lets you find your phone even if it has been disconnected from the Internet or even if a potential thief has changed its SIM card. Another product that very few people know of and that is special to me is TrafficLight – a browser add-on that scans web pages as they load and blocks the malicious ones before they get to inflict any damage. And it does this without having to install an antivirus on the respective computer.
How do you see the AV industry's prospects? With the increasing number of threats, Symantec even said 'antivirus is dead' since it is incapable of eliminating all threats, and security-minded users have to install AV, anti-spyware, anti-keyloggers and the list grows daily. How does Bitdefender tackle the new challenges and the increasing demand for a universal product that would perform all functions security-wise?
The antivirus may be dead, but this does not mean anything for the industry as a whole. An antivirus is a simple utility that looks for patterns of known signatures. What we have been building for years is a fully mature antimalware solution. It’s not about pattern matching anymore, but about behavioral inspection, sandboxing, firewall, active process control, event correlation and cloud intelligence united in a single product. It is a state-of-the-art product that can successfully face real-life scenarios, and independent reviews (AV-Test or AV-Comparatives) confirm that.
What personal and private information does your antivirus product collect from regular home users? We understand you need some information to track your product's performance and meet user needs better, but what part of that information is accessible to third parties or governments?
The information we collect via our feedback mechanism is strictly related to threat reporting. For instance, we collect the name and number of blocked threats that are correlated with a geographic location, so we are able to spot malware outbreaks in specific regions. These reports are anonymized (i.e. not correlated with a specific username). The user can opt out of this feedback program anytime by simply unticking a checkbox, either before or after installation.
This data is strictly limited to internal use and is never shared with third parties (governments included). As a European company, we take privacy extremely seriously, as the EU has some of the harshest legislation in the world on personally identifiable data.
In your opinion, how have Edward Snowden's revelations affected the AV industry?
Snowden’s revelations have split the world into two sides: on one side, we have users who now fear using software or services provided by US-based vendors (antivirus solutions included), but on the other side, there are users who have started to understand that they need a state-of-the-art antimalware solution that is able to fend off government-sanctioned malware (such as FinFisher, for instance).
Can antivirus programs help users protect themselves from state surveillance?
Sure, as long as the antimalware solution packs technologies advanced enough to fend off zero-day exploits or extremely carefully-written malware.
Is there a Bitdefender emergency tool you would recommend to non-Bitdefender users as a one-time cleanup, if other tools like MWBites and DrWeb fail?
We constantly provide emergency fixes for computer users who are not using Bitdefender products. These removal tools deal with specific threats, ranging from government-sanctioned malware (yes, we have a removal tool for FinFisher) to generic adware that may be inadvertently installed along with free or trial versions of your favorite software.
Do you plan to implement apps and browsing sandboxing in your home editions? [Is Bitdefender Safepay a sandboxed browser?]
We were one of the pioneers of sandboxing, and we have offered this technology since early 2005. I’m talking here about our famous B-HAVE technology. We now offer a sandboxed browser, called Safepay, which offers multiple layers of protection against banking malware such as Zeus, Carberp and SpyEye.
Is there a cloud protection solution for non-enterprise users from Bitdefender?
All Bitdefender antimalware suites for consumers feature cloud technologies. We also have a product called QuickScan that is exclusively built on cloud technologies. Because of this, it is extremely fast and has zero impact on the computer’s performance. QuickScan is available both as a browser add-on and as a standalone product, and it is also a core technology integrated with all our antimalware solutions.
With recent iCloud hacks, some users question security of their cloud storage, irrespective of the service provider. How would you recommend users protect the information stored in the cloud?
Encrypt it before uploading. It sounds easier than it is though because, in most of the cases, the applications that store data in the cloud don’t quite give the user the option to encrypt it before it leaves your phone. For instance, a camera app won’t ask you if you want to encrypt the data before it is synced with the cloud. With file storage or file sharing services you have full control though, and there is no excuse not to encrypt by yourself before uploading, especially if we’re talking about private or sensitive data.
Browser-wise, how safe/unsafe does Bitdefender rate modern browsers? Do you have any recommendations or personal preferences?
Browser exploits are rare if we only take into account modern browsers (i.e. not Internet Explorer 6). Browser add-ons that handle active content (Flash Player, Java, Reader and others) are actually what cyber-criminals see as the exploitable parts of the browser.
I personally use Chrome as it has its own sandboxed implementation of Flash Player, built-in XSS protection, certificate pinning and the capability to automatically disable active content if the responsible plugins are outdated. For critical operations such as banking, I always rely on Safepay.
As a recommendation, I’d strongly advise users to keep their browsers and browser plugins updated and to limit the number of extensions to an absolute minimum. The TrafficLight extension is also something I’d recommend, especially for users who don’t run a dedicated antivirus solution.
New software requires more powerful hardware than its previous versions, and hardware becomes outdated the moment we buy it. Does Bitdefender have to compromise on functionality to release a product that is compatible with older hardware, or do you prefer to focus on cutting-edge computers that are about to hit the shelves?
As a security company, we cater to the needs of our public. We do not focus on the latest hardware available on the market because this would mean sacrificing users who are not frequently upgrading their hardware. We do specify a minimum set of hardware requirements that our customers should meet for a flawless user experience.
Our flagship product, the Total Security 2015, for instance, requires an 800 MHz processor and only one GB of RAM. We couldn’t have done this without the help of cloud technologies which offload all the resource-intensive operations into our datacenter infrastructure. Shortly put, we buy extremely expensive and powerful hardware so you don’t have to.
What are your personal recommendations to average savvy users on fine-tuning Bitdefender 2015/Bitdefender for mobile?
The consumer line of products is already tuned for best performance and productivity because we have designed it to work out of the box and spare the average user the hassle of configuration. What I would recommend though is that the customer makes use of all the features that we have packed with the product.
For the Bitdefender 2015 line, the features that should be used most would be the OneClick Optimizer, Safepay and the Vulnerability Scanner. Mobile Security users should not miss the antitheft feature and the Privacy Advisor.
I realize this might be a question you would not want to answer so as not to cross tech giants, but with the stats you collect from your users, what mobile/desktop OS tends to be safer - Android/iOS/WP, Windows/Mac?
The safest operating systems are always the ones that have the lowest adoption in the market. Cyber-criminals always focus on the masses because this is how they make the biggest profit. There is no such thing as an impregnable operating system, and I’d like you not to take my word for it.
To give you just an example, some readers might remember that Macs have been touted to be totally shielded from malware. In 2011, about 600,000 Mac computers were infected with the Flashback Trojan in a couple of days. Relative to the OS X market share, this has been the single largest pandemic of all time. It even surpassed the Conficker worm on Windows in virality.
Linux – another operating system that is regarded as extremely secure and well designed to resist malware – still has its share of kernel exploits that prove it would be possible for a hacker to subvert it, should it ever become financially appealing.
Bitdefender Parental Control - what does the Facebook monitoring feature mean? Can it help prevent cyber bullying?
The Facebook monitoring option in the Parental Control module allows a parent to know who their child interacts with. It can alert the parent about the potentially harmful activities of the child (such as engaging in conversations with unknown people or exchanging / reading content inappropriate for their age). It does not substitute for a parent, but rather lets the parent know how the child interacts with others in the privacy of their Facebook account.
Personally, what does it mean to you to be a part of the world's leading antivirus company?
To me, it is extremely rewarding. We cater to the safety and well-being of over 500 million users worldwide who put their trust into us for defending their finances, their online identities and their entire presence on the Internet. It is a huge responsibility, but after we work hard, we party hard.
Is there a life outside Bitdefender for you? Modern productivity bees, especially folks working in the tech industry, spend most of their days and nights in front of screens, big and small. Do you manage to disconnect sometimes? What are your hobbies or favorite outdoor activities that you enjoy outside the office?
It is true that I tend to spend a significant chunk of my time in front of the computer or tablet; however, this is not because I have to, but rather because I’m a tech-head and most of the things I’m very passionate about require a computer or gaming console. When I’m not working or wasting time in front of the computer, I do what a “normal” person would do: hang out with friends, cook food for (or with) my friends and family, travel abroad or play the drums.
Sharp, fast and straightforward answers, aren’t they? I meant for this interview to be a security insight from the first line of defense of cyber warfare, so to speak. Being immune to all sorts of brand-related brainwashing, however, I feel my long-lasting affection for another AV provider waver. For starters, I deleted a couple of browser add-ons and installed TrafficLight.
Download3k thanks Bogdan Botezatu for the time he took to answer our questions, and may the Force be with him in his tireless fight against the Siths of Malware!