Bitdefender security researcher Bogdan Botezatu on government malware, surveillance and a second firewall alongside Windows Defender.
Bogdan Botezatu has been working at Bitdefender as an IT security expert since May 2008. Botezatu has many years of experience in the areas of cyberware as well as mobile and social network malware.
Botezatu kindly answers the many questions of the Tarnkappe.info community. In Bucharest, he works for Bitdefender as Director of Threat Research & Reporting. Botezatu runs his own blog and is reachable via LinkedIn, Twitter and Facebook, for example.
Bogdan Botezatu about the history of Bitdefender
Tarnkappe.info: Perhaps you would like to elaborate a little on the history of Bitdefender? Who founded the company and with which motivation? What is your unique selling point, should there be one?
Bogdan Botezatu: The history of Bitdefender starts in 1990 in Bucharest, Romania, when the company’s CEO started a software outsourcing business. At about the same time, malware activity was increasing in Russia, Ukraine and Bulgaria and, because of our close proximity, Romania was seeing most of it.
This happened right after the fall of the Communist bloc, when the Eastern European population was experiencing the transition to Western capitalism. As people were let go by now-closing factories and production facilities established by the Communist regime, some of them started using their solid knowledge in computer science and mathematics to create malware as a means to fight the Western “influence” back. It was around this time when the Bitdefender parent company Softwin started developing the first security solution called AVX (AntiVirus Expert).
Botezatu: The fall of the Communist bloc changed a lot.
Throughout the years, AVX introduced a few premieres in cybersecurity:
– the first AV worldwide to offer intelligent updating and to include an application firewall
– MIDAS: Malware Intrusion Detection Advanced System awarded with the IST prize. Proprietary Antispam tech and the hourly update system released
– B-HAVE: Behavioral Heuristic Analyzer in Virtual Environments.
– Active Threat Control: proactive technology for live detecting and blocking of new threats in real time, on a live system.
Bitdefender is extremely good at detecting emerging, previously unknown malware. This is particularly important with the proliferation of ransomware, where one missed sample means the compromise of an entire network. These stellar detection capabilities are trusted not only by 500 million users worldwide, but are also licensed to competing security solutions around the world.
About intelligence services and government malware
Bogdan Botezatu: For more than 10 years, Bitdefender has been a trusted security partner, as we treat malware indiscriminately. Whether commercial or state-sponsored, Bitdefender will treat malware as malware. We have done this since the emergence of the “Bundestrojaner” in 2011, when we released a free removal tool for all potential victims.
No state can pressure 50 independent security vendors simultaneously
Tarnkappe.info: Should the next federal government ensure that anti-virus programmes are generally not allowed to attack state malware, would one accept this new regulation of the legal basis without resistance? How could one even defend oneself against it?
Bogdan Botezatu: Most of these surveillance tools are run covertly – this means that governments will not warn external entities about their existence, as this will not be a secret any longer. Instead, states rely on highly complex malware in hope that it will be able to bypass potential security defenses. Here is where Bitdefender’s performance in detecting complex emerging malware comes to the rescue.
One extra point to this question is that competition in the cyber-security space is beneficial and restricts the ability of nation-states to control how malware is excepted. A state would be forced to pressure more than 50 independent security vendors to comply, which increases the chances of whistleblower reaction.
Working on behalf of the secret services?
Tarnkappe.info: Would Bitdefender build in a backdoor for law enforcement agencies or secret services? Such bills could come our way in the medium term. A reader asks: What would be the price of not being able to legally force Bitdefender to implement a backdoor?
Bogdan Botezatu: No. Our key mission is to protect against digital invasions indiscriminately. There is no and there will be no special treatment of government-sanctioned malware.
Tarnkappe.info: Okay, that’s probably how I would respond. ;-)
Questions about Bitdefender’s application
Tarnkappe.info: How did Bitdefender’s in-house VPN come about? Looking at the market, this is obviously very fashionable. With what background does one try to market one’s own VPN services? Simply because one can earn a lot of money with it due to the enormous demand?
Bogdan Botezatu: The Bitdefender VPN solution attempts to address two main issues: the first one is the obvious privacy aspect, as more and more people are using devices while connected to potentially hostile or untrusted environments, and mobile apps often either send data in an unencrypted manner or do not validate digital certificates before connecting. The second aspect is that we wanted a VPN solution with built-in web scanning, so users navigating the web with just the VPN solution will also get built-in phishing, fraud and malicious website detection. The reason for its existence is that VPN solutions add enormous value for customers and we wanted to offer this solution in a secure and privacy-oriented way.
Tarnkappe.info: Can you run a second firewall alongside Bitdefender with Windows 10? Does that make sense? What advantages or disadvantages would this have?
Bogdan Botezatu: No. Only one firewall can be active at a time on the system. Running two firewalls would increase the chance of connectivity issues and timeouts. A software firewall protects the computer from other threats already present in the local network. And it can block specific applications from accessing the Internet. It can be complemented with a hardware firewall running at the network perimeter to filter network traffic for all devices connected to the internal network.
Bogdan Botezatu: The combination of the Windows Defender and antivirus software brings security.
Tarnkappe.info: A user asks why one should invest money in an additional security solution when Microsoft’s own Defender also delivers good test results?
Bogdan Botezatu: This is a great question. The implications here vary from use case to use case. Microsoft currently offers Defender for Windows computers only. Most home ecosystems have a diverse array of devices – think Android phones, Macs or iPads, as well as several IoT devices. Dedicated security solutions offer agents for the entire ecosystem, which means that the home administrator can protect, monitor, renew and receive alerts from all these devices using a single bundle. For instance, a Bitdefender user can install security solutions for any of these platforms and manage them from Bitdefender Central, which eases management and monitoring.
The second aspect is related to the way antivirus works versus security suites. A security suite is made of layers of protection and other services that help you safeguard your digital world. People who need antispam, parental control, device location, vulnerability assessment and other advanced features usually look for a security solution, not an antivirus.
“There is safety in diversity.”
Last, but not least, there is safety in diversity. The multitude of security solutions that exist on the market prevent cyber-criminals from writing malware that bypasses all of these defenses. If computer users had just one antivirus option, it would be easier for attackers to create a piece of malware that goes around the “just one” antivirus on the market. They would not be able to target every other security solution without an incredible, improbable investment.
“Telemetry reported by the operating system cannot be intercepted or blocked by a security solution without potentially breaking the operating system.”
Tarnkappe.info: What does Bitdefender do for data protection in connection with Windows 10? Keyword: Transmission of tracking and telemetry data to Microsoft servers.
Bogdan Botezatu: Telemetry reported by the operating system cannot be intercepted or blocked by a security solution without potentially breaking the operating system.
Bogdan Botezatu: This topic has been brought into discussion several times over the past few years. The reason is related to the way software cracks are designed, and I will try to address this as well as possible. Most software cracks, keygens or game “trainers” are “packed” with technologies that are often used by cyber-criminals to protect their malware. These packers modify code on the go, extract and drop additional files on the user’s computer. All these raise red flags as they mimic the behavior of malicious apps, which often triggers machine-learning and behavioral detection algorithms. We do not encourage this behavior not because of the vendor pressure, but because it is a bad practice that often leads people into running code with uncertain origin.
“We’ve – as announced – not been bad lately.”
Tarnkappe.info: How do you explain the fact that, according to tests by av-test.org, the false/positive rate is still noticeably above the industry average?
Bogdan Botezatu: We are permanently working on this general issue for the security industry. Recently, the AV-Test came out. And we have now – as announced – not been bad lately. Find the data here enclosed.
Tarnkappe.info: Which browser does Bitdefender Safepay use to create a secure environment?
Bogdan Botezatu: Bitdefender Safepay is built on the open-source Chromium browser.
Bogdan Botezatu: “We take security extremely seriously (…)”
Tarnkappe.info: Why does Bitdefender delete unwanted software directly and not allow anything else? Doesn’t this take away the user’s control over his own device? Which weighs more heavily: the security of the device or the freedom of the user to make a mistake?
Bogdan Botezatu: Bitdefender takes security extremely seriously and customers trust us with automating security decisions. Unwanted software is not deleted, but rather quarantined, which moves the file into a secure location where it cannot be accessed. If this was done by mistake, users can just navigate the quarantine via the product’s interface, pick the files that they need and restore them to their original location. This way, users benefit from both security and freedom. To answer the second question, a single mistake can cost users their entire data. Ransomware often encrypts everything on the device as well as accessible network locations. One mistake can destroy years of data, most of it (such as photos) getting lost forever.
Tarnkappe.info: Bitdefender announced that the Bitdefender Rescue CD has reached the end of life on 1 August 2019. This free tool will no longer be available for download. As a result, they have also discontinued technical support for the Bitdefender Rescue CD. Why actually?
Bogdan Botezatu: As products and market context evolve, new tools are constantly created and retired. This is part of the normal lifecycle of a product. Bitdefender Total Security, Internet Security and Antivirus Plus have the Rescue Environment built in and available within one click, rather than requiring media download and the creation of a bootable environment.
We look into the future together with Botezatu.
Tarnkappe.info: How do you assess the market for antivirus solutions today or in five years? In other words: How could the market shares shift?
Bogdan Botezatu: In the next few years, security will become fundamental for both home users and corporations providing services for these users. The market has already started shifting with the proliferation of interconnected “things”. From smart health tools to facility management applications, the IoT is responsible for billions of new interconnected devices every year. We were used to installing protection on desktops, laptops, phones and tablets. But the new endpoints are different: they can be your smart car parked in the driveway, your internet-connected light bulb or your pet’s tracking collar. This paradigm shift demands that we rethink how we do security and, more importantly, where we place these security solutions.
At this point, more and more networking equipment manufacturers go with cyber-security as an essential feature implemented at the router level. Internet service providers now offer customers routers and modems with security features, so all (or most of the) attacks get blocked cold at the gateway, before they reach a potentially vulnerable device inside the network. These directions are what will shift the cyber-security market and rearrange players.
Old but interesting video: The security expert speaking at CeBIT 2015.
Tarnkappe.info: Which things will determine which provider will be successful and which will not? Ease of use of the software? High detection rate of malware? Behaviour in the operating system? Or is it primarily the advertising budget that determines the success or failure of such a company?
Bogdan Botezatu: I would say that success and brand recognition are not one and the same. While marketing does contribute to brand recognition, it is innovation and mission that make the difference and point towards success. And yes, detection plays a crucial role, as home users turn to security solutions to keep malware at bay.
What will our web look like in ten years?
Tarnkappe.info: What will the internet look like in five or ten years? Will it ever be possible to win the battle against cybercriminals? The whole thing strongly resembles a game of rabbit and hedgehog.
Bogdan Botezatu: Cyber-security is a continuous, asymmetric battle. Just like crime, cyber-attacks are here to stay and they will get worse before they get better. On one side, commercial threat actors are increasingly targeting people for easy money. Anything can be either directly exploited, traded or sold on underground markets and this is the new reality. On the other hand, nation-states are escalating cyber-warfare to exfiltrate information or launch massive surveillance programs against citizens or dissidents. In this context, cyber-security and privacy are two privileges that we work hard to protect.
More regulations will come for sure!
Tarnkappe.info: In part, the WWW still reminds us a bit of the Wild West. What do you think: Will the EU or the federal government regulate the internet even more in the future?
Bogdan Botezatu: This is a very good observation: the internet has no physical borders and the separation of jurisdictions makes it even worse. Regulations will come – we already see these implemented in frameworks such as the GDPR and NIST (as well as some efforts to set up guidelines for IoT manufacturers) – but they are just half of the solution. There is a saying that cybersecurity is everyone’s business. And we believe that users should be reminded – and educated – of the threats that may lurk on the Internet.
Mr. Botezatu, thank you very much for the interview!