Karen Dearne | June 24, 2008
world according to | Dave DeWalt
SECURITY software maker McAfee has been tracking almost 10 million websites in 265 countries, and says Hong Kong, China, The Philippines, Romania and Russia are the most dangerous domains, with between 6 and 7 per cent of all sites rated as risky.
'A lot of the new threats are on the web,' says McAfee chief Dave DeWalt
The safest country for web surfing is Finland, followed by Japan and Norway, but Australia's .au domain is also safe, with risky sites rated at a low 0.27 per cent of the total.
Your report mapping malware on the web is quite alarming. What's happening out there?
The web continues to be a very dangerous place. A lot of the new threats are on the web. The internet is an incredibly useful and informative place, but it's also an incredibly insecure area to surf and shop.
We've been trying to map the World Wide Web to discover where the most malicious websites are. The latest report finds the Hong Kong domain, .hk, is the riskiest in the world, and sites on the China domain are also pretty scary.
Why Hong Kong?
It's a combination of things, but there's not much governance involved in authenticating domain names to actual owners of the businesses.
Australia has done well here, because anybody applying for a domain name has to authenticate themselves as a real, taxpaying, business owner.
In other parts of the world, where these requirements don't apply, any type of group can launch a website.
Almost one in five websites on the Hong Kong domain are very dangerous, meaning that malicious code will be downloaded to your machine while you are browsing the site.
Other types of identity theft or fraud may also occur while you are visiting those sites.
In security circles, there is a view that antivirus software is finished, because the volume of threats is overwhelming.
We don't agree with that. Antivirus vendors have been very effective in stopping most global virus outbreaks.
In the past couple of years, we haven't had breakouts because the software has been so effective - and we've done that despite the volume of malware we're seeing on a daily basis.
We're blocking it, we're preventing it - not in every case. There are regional breakouts from time to time, but we've done a good job.
Antivirus products are essential to solving those problems, but having said that, the models are evolving for how we prevent security problems from occurring on your computer.
There is certainly a push for more secure products to be built in the first place, so that users don't have to rely on security software.
That's right. Antivirus is now just one of a bunch of products that are important to consumers as well as businesses.
One of the biggest problems is the personal data you lose if your mobile phone or laptop is lost or stolen, and we've just released a new product to help with that.
McAfee Anti-Theft File Protection uses encryption to secure data on your devices, effectively locking out intruders if the device is lost.
Data loss prevention (DLP) is a new segment for the security industry. What are you doing there?
This is a pretty big problem for every company.
Losing information is a never pleasant experience.
We've made a few acquisitions in this area. Data loss, data theft and piracy of information are probably the biggest trends in security right now.
There are a lot of challenges, but we've worked hard as a vendor to find technologies to help solve them.
What's focusing attention on DLP in the US? In Australia we're lagging behind.
The new drivers are compliance and data privacy laws.
In the US we're seeing a lot of legislation, whether its HIPAA in the health insurance industry, financial compliance with Sarbanes-Oxley, or merchant compliance with the Payment Cards Industry standard.
Australia is also looking at data privacy legislation and certainly data breach notification laws are well established in the US now.
What products are you looking at for DLP?
We recently acquired SafeBoot, a company that does policy-driven encryption. DLP starts with encryption, because if you lose information it can't be accessed. Then you need monitoring and management of data that might be leaving the enterprise.
Ninety per cent of all data loss happens because of insiders - essentially employees or contractors who have access to data. Of that, 70 per cent is accidental, because someone lost a laptop or a memory stick, or emailed something without realising it was confidential.
A lot of companies are trying to prevent accidental loss by insiders, setting policies on email and the distribution of data.
If you can do that you stop a lot of the problems. Yet many companies don't have any policies about what you can email and who you can email it to, or whether you can use webmail, such as Yahoo.
What happens when a breach of email policies is detected?
The product monitors outgoing email, looking for specific data sets that might be confidential information, then it blocks the email, so it's not sent.
We have technologies on the network as well as on the host or the end point to monitor and manage data loss.
We do filtering and blocking of email and web transmissions, and we also do it on the ports of the computer, so you can't accidentally copy information to a USB stick.
If somebody sends something out maliciously, obviously that will be blocked as well.
The rules can be set up any way a company wants. In some cases, we just create a reporting policy. Sometimes it's a real-time alert to a manager.
If it's really important information, such as financial data that could create disclosure requirements for the company, you might have a different policy from someone sending out rugby scores.
Are businesses here interested in taking up DLP?
We're seeing very rapid takeup, largely because of compliance.
Corporations are very concerned about losing data but it's the embarrassment that really hurts.
You only have to think of the recent Whitehall scandal, in which someone lost documents about al-Qaida and terrorism. That data exposure was sensational news, and it's what businesses and government agencies are trying to avoid.
In the US, companies are required to notify people when there has been a data breach. If you don't know what information you've lost, you can't notify.
Yes, this is the reporting to customers side of things. A large US bank that lost customer information recently had to send out 1 million letters to consumers. Can you imagine what that cost, not to mention fielding phone calls from concerned customers and the cost of damage to the brand?
This has been going on for years, but consumers weren't necessarily aware of it. That's why the laws have been put in place. If somebody compromises my credit card information, I would like to know about it.
What's your business strategy? Do you plan to focus more on enterprise customers, rather than consumers?
We're very balanced on that. We do about 40 per cent of our business with consumers and about 60 per cent with corporations worldwide.
We're a multibillion-dollar company, and both segments are important to us.
The technology that we build for consumers and grows all the way up in corporations, so it's a little easier for us to do both, but we continue to beef up what we do as a security vendor through acquisitions.
We recently bought ScanAlert, a powerful piece of technology that constantly scans the web and websites for new threats, which we can then immediately post for the consumer.
We also have a seal, McAfee Secure, that is scanning websites for emerging threats every minute of every day.
There has been a lot of consolidation, and some security vendors have been bought by businesses needing that expertise in their portfolio. Have you been fighting off suitors?
McAfee has quadrupled its growth rate in the past year. We've grown two or three times faster than our nearest competitors, Symantec and Trend Micro.
We tend to look for opportunities. We're a consolidator ourselves and we'll continue to acquire a couple of companies a year.
We believe the opportunities in security are so big that we don't focus on other markets.
Unlike some of our competitors, we only do security, and that has been a big advantage as we've grown.