“Kaspersky Lab” at GITEX 2012 and ITU 2012: Russian protected OS

This year’s GITEX exhibition was held simultaneously with the forum ITU (International Telecommunications Union). The latter “Kaspersky Lab” for the first time officially confirmed its plans to create its own protected operating system, rumors of which went for many years. The place and time chosen by chance. As originally Russian, “Kaspersky Lab” has long since become an international company and is working around the world (almost 200 companies), including in the Arab region. As a global player, “Kaspersky Lab” must not only respond to current threats, but also anticipate them. That is why the creation of a protected operating system – it is a logical step.

In his speech at the forum ITU CEO, Evgeny Kaspersky, talked a lot about cyberthreats. According to him, cyber weapons threatens not only the state and the company, but also ordinary people. The purpose of “Kaspersky Lab” is including to prevent viruses and worms stop technological progress and to prevent cyber threats affect the operation of mission-critical information systems. According to Eugene, this is an international problem. That is why the company is not limited to the Russian market and talk about these issues at the global level.

Protected OS

OS “Kaspersky Lab” is not a competitor to Windows or Mac. This product is for industrial and commercial systems. The point is to limit functionality and make a decision as safe and secure. Actually it is about smart emergency shutdown of the new generation, which takes into account the full range of indicators the company immediately and does not allow for an accident or as a result of improper actions of the operator, or as a result of errors in the software or as a result of cyber attacks. Among other things, this system can complement the traditional protection that will keep track of more sophisticated and complex scenarios happening.

According to “Kaspersky Lab”, the most secure environment for the control of the information infrastructure must meet the following requirements:

• Operating system can not be based on any pre-existing program code, so should be written from scratch.
• In order to ensure safety, it must be free of bugs and vulnerabilities in the kernel, controlling the other modules of the system. As a result, the kernel must be verified by means not allowing the existence of vulnerabilities and code dual purpose.
• For the same reason, the kernel must contain a critical minimum of code, which means that the maximum amount of code, including drivers, should be monitored by the kernel and run with low privileges.
• Finally, in this environment, there should be a powerful and reliable security system, which supports a variety of security models.

At the moment, the kernel of the “Kaspersky Lab” is only about 100 KB. Working title – 11.11. This is not a clone of Linux, QNX or other, it is a standalone product. He developed a few years, from scratch and completely in Russia. An important feature is that the OS does not depend on the hardware architecture. Actual prototype runs on x86 (PC), but on request can be adapted even for the ARM (smartphones).

“Kaspersky Lab” first in the world took up the development of such a decision. But the challenge is not to reinvent the wheel and do it all over again, but the fact that the interaction between the sites was under control. For example, data that are transmitted by different protocols at the pumps do not have any authentication. OS from “Kaspersky Lab” can prevent unauthorized access (in which you can remove the data to flash the firmware, and so on). In essence, then the OS acts as a firewall.

We asked the chief antivirus expert “Kaspersky Lab” Alexander Gostev tell about 11.11 more.

Now the market for operating systems for industrial production as such does not exist. Competition only at the level of software. Its a lot for different processors, operating systems, etc. We’re going to rise above it all. We absolutely does not matter what will be the operating system and device. We are trying to come up with something more. Originally it for industrial applications, but the idea of potentially universal and can be used in all areas down to mobile phones. Port it somewhere big is not working. This is a micro-kernel, notWindows code to his gigs. So that it can operate on any processor.

We refer to our OS 11.11, because the concept was born November 11, 2000. All this for a long time to stay on the level of ideas, which is gradually implemented. Set up a special team in Russia, and for almost 12 years, we continuously develop the project. Shy of the first cyber threats, we have accelerated the rate of development. That it will be sooner or later claimed, it was clear at once. Realize that we can all just five years ago. But the industrial system has no need of such things, it was not such a problem, no one attacked.Now the situation has changed, there was a demand for the protection of these systems.

We already have a few customers, and specific deadlines, but of the first projects I would say at the end. In any case, Kaspersky sees the future of our company in this area, not in the anti-virus.

Cyberthreats

“Kaspersky Lab” is active in the fight against cyber terrorism. 2012 marked the beginning of the era of cyberwar, the world learned that cyber weapons – it is not just science fiction tale, but the reality of today. Flame, Duqu, Stuxnet, Gauss – only the first “swallow”. The world has changed, and now the wars are fought in new ways. In these circumstances, cyber threats can be national or even international in scope. No wonder the NATO named Russia, Iran and China main kiberprotivnikami. In November, NATO countries will conduct exercises Cyber Coalition 2012, which will be tested scenarios cyberattack on NATO and retaliation.

Under this scenario, cyber attacks are Estonia and Hungary. As a result of the vital activity of the Estonian attack is completely paralyzed. In addition, hackers disabling military transport aircraft of NATO, which leads to his downfall. After these incidents, the NATO meeting decided to inflict retaliation, including by military means. It is known that Russia has also begun preparations for a possible cyber war. For example, recently the Ministry of Defense has announced a tender for the development of techniques to get the anti-virus systems, protection of operating systems and network security. For strengthening cyber security Russia early in the year and played the chief of staff Nikolai Makarov. He said that military action is increasingly being non-traditional methods and means, including in cyberspace.

As you can see, the attention of “Kaspersky Lab” to cyber threats is quite important. The latest discovery of the company became miniFlame – is a small and very flexible malicious program designed to steal data and control infected systems in targeted attacks, carried out to cyber espionage. Having entered into the system, mini-flame acts as a backdoor, allowing the operator to get the malware from infected machines any. Additional features associated with identity theft is to create snapshots of the infected computer at work in the individual programs and applications, such as browsers, Microsoft Office, Adobe Reader, services, instant messaging and FTP-clients. miniFlame sends stolen data by connecting to your server control (which can be dedicated or shared with the Flame). In addition, at the request of the operator at the control server mini-flame septic system can be downloaded plug-in to steal data, infect USB-drives and using them to store data collected from infected computers, without Internet connection.

miniFlame is a tool for precision attacks. Most likely, this cyber weapons with clear targets, used in the course of what may be called the second wave of cyberattacks. Initially used Flame or Gauss to infect as many victims and collecting large amounts of information. After this, the collected data are analyzed, defined and identified potentially interesting sacrifices, and already installed on their computers miniFlame for in-depth surveillance and cyber espionage.

We asked Alexander Gostev tell more about modern cyberthreats.

We are engaged in monitoring the operations of our anti-virus around the world. According to these statistics Russia first. Every other user of our product every month attacked. This is largely a consequence of the behavior of the network, in particular the set of sites visited. In Russia, this social networking, entertainment sites, torrents, etc., that is, sites at higher risk.

The situation in Russia will improve. The fact is that now in runet many newcomers who become victims. Over time, increase the level of knowledge and understanding of cyber threats. On the other hand, the earlier attack from Russia were mainly in the west. Now, 90% of cyber criminals working in Russia. This happened just over 5 years. The reason is simple – before Russia did not have online banking and other purposes for the attack.

The first place in China virus writers. 60-70% of all viruses that every day we find out. In second place Russian-speaking countries (Russia, Ukraine, Belarus, the Baltic States, etc.). While formerly there was a leader of Russia, but recently we overtakes Ukraine. There is even a labor migration – Russian cybercriminals go to Ukraine, where it is easier to operate, less risk of being arrested.

The specifics of the Russian cybercrime – is the creation of botnets. The main threat to the Russian users are blockers, extortionists and Trojans for online banking. And now we celebrate the shift from the West to Russia, because Western banks have introduced protection. Steal money from the Russian bank easier.

Ready for Windows 8

Another important topic of “Kaspersky Lab” at GITEX was the preparation of the company’s products for Windows 8. It is no secret that the interface of the new operating system from Microsoft is fundamentally different from what it was before. In addition, the new product is already integrated protection, and the need for a separate antivirus question. “Kaspersky Lab” has developed a new application Kaspersky Now, which is designed specifically for the new interface of Windows 8. It works with the latest versions of Kaspersky Internet Security and Kaspersky Antivirus. True, it is temporarily unavailable in Windows Store. This is due to the necessity of making a number of changes to meet the new specifications introduced by Microsoft for applications in the App Store. At the moment, “Kaspersky Lab” is working on an adaptation of the application and expects to end the year Kaspersky Now reappears in the Windows Store.

Kaspersky Now is an information panel, drawn up in accordance with the new “tile” interface Windows. C using the application, users can get information about the computer protection and license status, and view the latest news in the field of IT-security “Kaspersky Lab”. The new Kaspersky Internet Security has a function by which the product can monitor the status of applications for the new interface and mark the infected program. It also supports the ELAM.

An early start the anti-malware (Early-Launch Anti-Malware, ELAM) – a new concept to protect the entire Windows environment from malicious activities. It provides a starting safety certified product to launch third-party applications. With the component MeasuredBoot, which provides anti-virus solutions detailed information on all your Windows, running in the boot process, this new system to enhance security throughout the environment Windows. Kaspersky Internet Security can not only verify the integrity of the system and applications during the boot process, but also to treat an active infection. Under normal load the driver early start has minimal impact on system performance and load times, increasing its only for a few milliseconds.

We asked the Director of Product Development and Services Peter Merkulov, tell us more about the compatibility of Windows 8:

Windows 8 is important for us as it is for any other vendor. Therefore, work on improving, we started a long and firmly communicated with Microsoft. For us the main thing is to improve protection for users. Windows 8 has proposed several new technologies that allow you to download earlier in the anti-virus technology, to conduct an audit of how the load, etc. This feature was implemented long ago. Despite the fact that it is not visible, it provides a higher level of protection. Focus on our computers, because the position in tabletsWindows still weak.

In terms of the version Windows RT, which is designed for ARM-processors, Microsoft has moved to a more private and secure OS. In fact, in a medium -security Metro app is very little that can be done. Harder to catch events, each application is more isolated. In Metro-environment usually do small applications that communicate with a lot. This is not because the developers do not want to, but because there are limitations.We are no exception, our Metro-application will be Windows Store.

Now we look at how will demand Windows RT and how Microsoft will open up opportunities to do something.At the moment of opportunity. Similarly with Windows Phone – then Microsoft makes it very similar to theApple iOS operating system. More closed, with restrictions on the application functionality, including access to information, interaction, etc. This is potentially an interesting topic, a margin we have. Run anti-virus engine for ARM will not make the problem, but our task is to understand howMicrosoft sees the concept of security. I’m not sure that would be the place antivirus in the sense in which it exists in the desktop-processor.

Microsoft started using Windows 8 built-in security, because they estimate very few users install additional appropriate software. And this is a big threat. Their mission was to provide basic protection. They do not say that this is enough and that is the only thing that should be.Therefore, there is no tragedy for us, it does not carry. Definitely people will benefit from it. We did not suffer. In my view, the rapid development of tablet even has a greater impact on the antivirus than embedding protection in Windows.

As for the closed platforms, at the moment, for them it is impossible to create an antivirus product, meeting the requirements, for example,Apple. You can break the rules, but then there will be problems with delivery to the user, the application will not get to the store, for example,AppStore. Likewise with Windows Phone. You do not need to think that closing the Apple iOS is a guarantee of safety. If you look at the changes in versions, you can find a lot of vulnerabilities. Itself is also a jailbreak vulnerability. How successful will use these holes – time will tell.Our task is to point to them.

Performance – this is a separate focus of our work. For many years, we spend a lot of resources on performance. The results are very serious.You can take independent tests and see how our performance is related to the competition. Objective data show that everything is very good.When it comes to the preset vendors push very strict performance requirements. And if the product does not satisfy, from him just give up.Therefore, we are going through a variety of tests, measurements, and show that we can be better than the competition, and we pre-install.Sociological problem of perception, and fight very hard. And she has a very clear geolocation – Russia. In key European countries (Germany, France, etc.) we are the 1-2 places, but there are no questions.

We, as a company, always have done and are doing everything to change perceptions of our country, to represent Russia in the eyes of the public a country that can produce world-class products. Ranking fourth in the world in the area, we can say that successful enough to show that creating a world-class product. We have hundreds of millions of users on all continents.