Carl Weinschenk spoke with Raimund Genes, CTO, Trend Micro.
Weinschenk: Is it a personal or corporate belief that the era of standalone antivirus software is effectively over?
Genes: It is actually a company belief. I am the CTO responsible for core technology. We see new threats of different sorts of malware. It looks totally different than 2004. That’s when we had the last real non-commercial virus outbreak that spread globally. Now malware is written for profit. The writers want to steal information, hijack computers, and use them to send out spam and attack other computers. The threats have changed completely. That’s why we don’t use the term virus or antivirus. We use the term malware.
Weinschenk: The old process, you suggest, just doesn’t cut it anymore.
Genes: Antivirus products are updated with signatures to detect even this new type of malware. They are released every day or hour, but you can’t use traditional methodology to detect, stop and delete. In the Philippines, we had an antivirus operation in lab, and during a conference it needed to analyze 2,500 pieces of malware on average per hour. This is totally different than 2004. The traditional classical method, in which you wait for signatures and update once a day, doesn’t work as well anymore. This is why you need a combination of different technologies.
Weinschenk: Does Trend Micro still sell AV software?
Genes: Of course we are still selling antivirus. The Geek Squad is using it. It is a subset of the overall effort. The Geek Squad is recommending a firewall, other detection components. We see a movement from antivirus to security. You need Web threat protection to stop users from downloading malware from a link, to stop users from Googling and linking to dangerous sites. For the moment, it is Halloween links. You need to protect against Web threats and you need to protect against malware. When I look at the consumer business, 80 percent of sales are security suites. On the business side, all of our products have multiple components. People need enterprise firewalls, separation of Internet and intranet and other things. For example, with the URL element, we are testing 3 to 5 billion URL requests from customers, who are asking "What about this URL? Should I be visiting?"
Weinschenk: What do you see across the industry?
Genes: The industry overall is changing. When I look at products, all the major vendors offer suites. They still sell standalone AV, but enterprise security is demanding a multilayer approach to protection. Of course, they are confronting the vendors, saying, "I pay you so much money, and I need you to protect me." They switch from antivirus to a security suite approach. They have to. Every security vendor is offering this because we all strongly want people to move along the upgrade paths from old solutions to new solutions. Depending on what kind of customer it is, there could be different products.
Weinschenk: How are the bad guys reacting?
Genes: The bad guys are getting more and more clever. Last week, Microsoft needed to release a patch. They normally released patches for their OSes once a month. It was needed because the bad guys figured out how to infiltrate Microsoft’s OS through a remote code execution. Because the malware already was around, they had to do the release. The bad guys know that a lot of customers still rely on traditional antivirus. Of course, infection-based attacks are going down because the security industry is rolling out suites to more customers. There are still a lot of consumers and SMBs who acquired standalone antivirus three years ago and renew it yearly and haven’t upgraded. They are low hanging fruit for bad guys. They still have a lot of people to infect.
Weinschenk: That sounds ominous – that there still is a lot of standalone antivirus software in use.
Genes: This is a challenge. Some customers are still using old OSes and of course all the security [specific to them]. It is extremely difficult to convince them. What we can do as the security industry is educate the market, talk to editors. We have to tell customers our traditional approaches to protecting customers worked well at that time and at this time it doesn’t work.
Weinschenk: Can people put best-of-breed solutions from different vendors together?
Genes: If the components are from different vendors, they are not optimized to work together. It increases the workload. If you see an alert from the firewall, there may be no alert to the antivirus. Suites collaborate between events. The biggest problem with combining products from different vendors is the memory.
Weinschenk: What about SMBs?
Genes: In the SMB space – say a doctor with 10 employees – the people there don’t know much about security. They don’t read the magazines. These guys actually rely on value-added resellers. We have a VAR base around the globe. These guys are educated on security and in many cases even manage their security.