A Social Media Interview With Stefan Tanase

Stefan Tanase, Kaspersky Lab’s Senior Security Researcher, Global Research & Analysis Team, answers users’ questions about social networks, malware and everything in between. There is a saying: “information is power”

Stefan Tanase, Kaspersky Lab’s Senior Security Researcher, Global Research & Analysis Team, answers users’ questions about social networks, malware and everything in between.

There is a saying: “information is power” and that the modern internet looks like a “global trash can” – in that it contains totally non-relevant as well as very confidential data. Such confidential information can be accessed by anyone – big corporations and individual users. What is the awareness level of common Internet users regarding social engineering attacks and are users mentally prepared to defend themselves? By social engineer I mean someone who is masking himself as a friend of a victim to collect as much information as possible.

Social engineering is cheap and effective. That’s why Nigerian scams work and why you still receive them in your inbox. The human mind is the hardest thing to patch.

Social engineering was around even before computers, even before technology. But with the advent of the internet and especially social networks, getting personalized information which can be used in an attack is becoming increasingly easy. We have seen evidence that sophisticated attackers nowadays rely heavily on social networks for the majority of any targeted attack: the reconnaissance part.

“We have seen evidence that sophisticated attackers nowadays rely heavily on social networks for the majority of any targeted attack.” -Stefan Tanase

Popularity is prestigious, but also a huge responsibility. What is your opinion on Facebook’s security policy? Does this social media giant meet modern security demands (can Facebook users sleep peacefully), or maybe security is Facebook’s weak spot?

Social networks, including Facebook, have always tried to reach a very delicate equilibrium point: the balance between security and usability. The problem is security and usability are two things that never go hand in hand. If you want one, you have to forget about the other.

As web- based businesses, Facebook and others like it need to make their platforms as usable as possible, in the end generating as many views as possible. The more security restrictions a social network implements, the more likely some of their users will find it too difficult to use the website and leave.


How am I secured over Facebook and Twitter? Phishing that steals personal details takes place all over but phishing messages look more real on social sites than when they are emails in my inbox. How does Kaspersky help me with this?

Social networks are the ideal environments for phishing attacks. People are more likely to click on a link shared by a friend and this inherent trust is something cyber-criminals prey upon.  Malicious URLs can automatically share themselves with a victim’s personal contacts without the user’s knowledge, making the links appear legitimate.

That’s why Kaspersky Lab has partnered with Facebook to keep internet-users safe. Now, when Facebook users share or click a link shared by their friends, the link will instantly be compared against Kaspersky Lab’s database of malicious web pages.  If the link matches Facebook’s list of “known-bad” URLs – which are supplied to Facebook by Kaspersky Lab and other security vendors – the user will be immediately notified and blocked from visiting the web page.  This not only prevents the user’s personal information and computer from being put at risk, but also stops the malicious links from spreading further.


I just typed my name in a search engine and was surprised that my personal information was publically available. How can I stop this from happening using Kaspersky Lab?

Surprisingly, most internet- users have never googled themselves – so congratulations for doing it! Now you have an idea about what the internet knows about you. It’s probably a scary picture. But don’t panic, there are some things you can do about it. Considering the information available out there was mostly posted by yourself, like social networking profiles, forums, etc. – you can start going through each of these profiles and modify or close them according to your desires.


I have heard that Instagram wants to use our photos without paying royalties. Is that legally allowed? For example, can you use the image of a person’s face, without the proper rights for image?

What I can tell you as both a security expert and a hobbyist photographer is that generally, once your pictures are out there on the internet, be prepared to have them stolen or used without your permission sooner or later.

Specifically in the case of Instagram, I am not a legal expert, but I am pretty sure that by accepting their terms of agreement when you first created your account you’ve probably allowed them to do certain things with your pictures. Of course don’t forget that Instagram is a free service and you can stop using it at any time, especially if their new terms of agreement don’t seem appropriate anymore.


In 2013, what will be the greatest threats for laptops?

While the threat landscape for 2013 will still be dominated by cybercriminals making random, speculative financial gains on behalf of anyone unlucky enough to fall victim to them, targeted attackers have become an established group in the last two years. Such attacks are specifically tailored to penetrate a particular organization and are often focused on gathering sensitive data and confidential information. Targeted attacks can often be highly sophisticated. We can expect the growth of cyber-espionage to continue into 2013 and beyond. It’s easy to read the headlines in the computer press and imagine that targeted attacks are a problem only for large organizations, particularly those that maintain ‘critical infrastructure’ systems within a country. However, any organization can become a victim. All organizations hold data that is of value to attackers; and they may also be used as ‘stepping-stones’ to reach other companies. 


How can I tell if malware is included on a website?

I recommend using a modern browser like Google Chrome together with a powerful internet security solution, like the latest Kaspersky Internet Security 2013. It comes with web traffic filtering, a JavaScript emulator designed to proactively detect malicious code injected into websites and access to KSN (Kaspersky Security Network), our in-the-cloud infrastructure connecting more than 50 million users around the world. KSN offers real-time protection, including protection against malicious websites.


What are the precautions needed while doing an online transaction when a computer already has antivirus?

If you’re entering your credit card details on a website when making an online purchase, it is highly recommended that you use the virtual keyboard included in Kaspersky products to enter sensitive data, like your credit card number or CVV code.

Because of the increase in attacks targeting our customers’ financial details, Kaspersky launched the Safe Money technology – which protects your online transactions by making sure your sensitive financial details are secure in all stages of the payment process. It employs 3 levels of trust: trusted site, trusted connection and trusted environment.


I downloaded an Adobe Flash Player but all my programs are corrupted. All programs say “.exe files corrupted, cannot execute.” What should I do?

It looks like the problem is not with that specific Adobe Flash Player installer but with your whole system. By the way, are you sure it was actually Flash Player and not just a virus pretending to be it? I would advise a fresh install for your machine and please make sure you are running the latest Kaspersky product on it afterwards to avoid such problems in the future.


Any smart TV risks?

Our homes are getting smarter and smarter every day and smart TVs are just the first step towards the concept of having a “smart home.” While all this sounds nice, there are some risks involved, mostly coming from the fact that home appliances are changed much less often than other smart devices. You buy a phone every year or every two years, but you don’t change your TV or fridge that often. The problem is that software always evolves and vulnerabilities for old software always show up. I am worried that the smarter our homes will become, the more vulnerable they will be. Hardware manufacturers will want you to buy their latest TV set and will worry about updating the software on their 5 years old model later, if they ever get to updating it after that long.

“Cyber criminals usually target the users of social networks in two very simple ways: they either create fake profiles to spread malicious links from, or use the profiles belonging to people they’ve already infected to spread their links further into the network.” Stefan Tanase


How do you avoid spear phishing from someone you know?

Spear phishing is extremely hard to avoid. The usual scenario involves one of your contacts sending you an email which looks legit, but which contains a link or attachment that is going to exploit a vulnerability and infect your system. As filtering can’t be done at the email level (it’s not spam, it’s a targeted attack), the Kaspersky technology which will protect you is AEP – Automatic Exploit Prevention. It is our shield against advanced exploits including 0-days. Did you know that the latest Java 0-day exploits, which everybody was talking about last week, were proactively detected and blocked by our products using AEP technology ever since mid-December?


What is your view on stealthing firewalls? Is it a security risk to not have stealthed ports?

It is a security risk to keep ports unnecessarily open, of course, as it is a risk to accept incoming connections that were never requested in the first place. The firewall will always be the first pillar of defense on every computer connected to the internet.


Are Java vulnerabilities as dangerous as people say?

Recently we prepared an article on Java vulnerabilities. You can learn more here: http://me-en.kaspersky.com/blog/java-handle-with-care/


What are the most common methods used by hackers to target social networks? How can the user avoid those attacks? To what should we pay attention? Should Mac users also be worried about these attacks?

Cyber criminals usually target the users of social networks in two very simple ways: they either create fake profiles to spread malicious links from, or use the profiles belonging to people they’ve already infected to spread their links further into the network. Therefore, it is critical for any user to make sure they’ve applied the latest software patches, use the latest browser and have a powerful security solution that can help filter malicious links. Last but not least, always be wary of suspicious links (even if they are coming from your friends!) and suspicious people trying to become your friends. Only add people you’ve met in real life.

Even if you’re using a Mac you’re not safe anymore. 2011 was the year Mac malware really started appearing – mostly scareware back then. But then 2012 came and we saw the biggest Mac epidemic in history. The Flashfake worm managed to infect almost 1 million Macs worldwide, which is an astonishingly huge number.


Nowadays, many twitter accounts are being attacked. Is this social platform more vulnerable than, say, Facebook?

Twitter accounts are easier to hack than Facebook accounts ever since Facebook rolled out their Login Approvals feature, which is basically a 2-factor authentication. Twitter and Facebook accounts are targeted for different reasons. Yes, a Facebook account can bring a lot of personal information to an attacker, but a Twitter account with a lot of followers can surely bring a lot of traffic to a malicious link.


What should we do with malicious applications on Facebook that steal our personal data and send us spam?

Malicious applications need to be blocked and reported to Facebook.

I usually advise users to stick to using applications coming from trusted developers as well as thoroughly check the permissions an application requires before allowing it access to your profile.


What is the relevance of AV-Test and AV- Comparatives real-world tests and on-demand tests? I want an expert’s opinion for those who change their antivirus 10 times a year because of these tests.

Av-test and AV-comparatives are respected labs, maintaining a high standard of testing. Their real-world tests (against 0-day malware) are pretty relevant, but it is better to look at them at some 2-3 months periods, this is also a way for you to change products less often.

Regarding on-demand tests – I have to say on-demand test are way outdated, and I would not advise judging by them – they cannot estimate modern protection methods, so real life experience will differ.

If you really care about your protection and are willing to spend some time improving it, I would not be changing software. I would tweak the software settings. Most tests run on default settings and they are a trade-off between protection and ease-of-use. If you want, you can significantly increase protection by using Kaspersky software which is known for wide set of expert controls.

For example, in Kaspersky Internet Security you may set all unknown programs to become high restricted (not low restricted by default). That will block the majority of malicious activity, but it may require you from time to time to manually reset trust for new apps you install. You can also follow detailed instructions on our support site which can help you protect yourself from trojan-ransoms http://support.kaspersky.com/7193


Kaspersky’s impact on PC performance is high. Is it possible to minimize this impact?

Good protection always requires some use of computer resources. Other products may exist that claim they are antivirus solutions and operate faster than Kaspersky. However, their level of protection is not on par with Kaspersky Lab. We believe in offering the highest level of protection possible because it is important to protect against all viruses; this may require more operation needs from a PC than other software. Kaspersky Lab continues to explore new technologies that would allow us to move past operations like multi-level file scanning. New technologies would help us use fewer computer resources while ensuring a high level of protection.


Can Webroot Complete work with Kaspersky Pure? I’ve read that Webroot SecureAnywhere Complete doesn’t cause conflicts with other security programs. I had Kaspersky Internet Security and Webroot Essentials previously and they worked fine together.

Actually we don`t test Pure compatibility with Webroot SecureAnywhere Complete. But the Pure antivirus system is similar to Kaspersky Internet Security – there is a big chance that both programs work properly.


Do you have or plan to have any discounts for your loyal customers?

All customers that have bought our product even once have a discount for their next license update. Moreover, there is always a special offer for current customers – such as the ability to buy additional products like Password Manager with a discount. Please visit the Kaspersky Lab website for your country regularly. Such offers can also come via a notification system in the product itself.


Why are your products two or three times more expensive in some countries than in others?

How did you come to this conclusion? The fact is that in different countries the product is sold with different conditions, depending on the requirements and habits of local users, the average number of computers in the country, etc. In any case, the average price per package is $59 anywhere. For example, in some countries you can buy one product for three years and for three computers, in another you can buy one product for two computers for one year. It is clear that in the first case, if you count, the price for one year for one computer will be more profitable because that is sold at a more wholesale price.


During my regular Kaspersky security scanning, several vulnerabilities get identified. Some of them can be fixed, but with others I don’t have the option to “Fix now.” Can this put my security at risk? My PC contains sensitive data and I want to avoid external attacks because of vulnerabilities. Is there a way to solve this problem?

The fact is that consumer products are aimed at monitoring and detecting vulnerabilities in software installed on the computer, but are not responsible for their removal. In such cases the user must install the update for affected products. But please do not forget that a vulnerability is not malware. When malware is found, the Kaspersky product will remove it from the computer. Moreover, Kaspersky Lab products contain an Automatic Exploit Prevention system that will protect your computer even if vulnerabilities exist.


I once tried to use Kaspersky Rescue Disk to unlock my computer. But I did not succeed. What could have happened?

Unfortunately, Rescue Disc cannot work on all computer configurations. We update the lists of supported hardware all the time, but there will always be a configuration in which the disc will not work.


When will the new version of the plug-in for Firefox appear in Pure? The current version (for PURE 2.0) does not work with the latest version of the browser.

The new version of the plug-in will be launched with the new version of the product – Pure 3.0. Coming soon.