Eva Chen has been in the anti-virus game longer than some of the aspiring virus writers who keep her busy have been alive. In the 13 years since she helped found Trend Micro Inc., Chen, the chief technology officer of the Cupertino, Calif., company, has been at the forefront of the battle against malicious code. She witnessed the birth of the first e-mail viruses and helped create the first Internet gateway virus protection product.
Senior Writer Dennis Fisher caught up with Chen recently to discuss what has been a busy last year for the anti-virus industry and what kind of insidious viruses we can expect to see in the near future.
eWeek: In the last year, we've seen a huge increase in the number of mass-mailer e-mail worms. Do you expect that trend to continue?
Chen: I think so. We'll continue to see them because the purpose of a virus is to spread, and e-mail is the fastest way. But the viruses will become more complicated. We're seeing Visual Basic scripts embedded in e-mails that open in the preview pane, so the user doesn't even have to click on an attachment.
eWeek: Many people consider users to be at fault for spreading a lot of the viruses. What can be done about their habit of opening attachments?
Chen: Our strategy is to take control away from the users because they're the weak link. We work at the gateway. Social engineering is still the best way to get your virus spread.
eWeek: The knock on anti-virus software has always been that it can only stop known viruses that it has seen before. How can you stop new viruses before they do their damage?
Chen: The best way is to analyze the engine that was used to create the virus and not the virus itself. With kits like the [Kalamar] one from Brazil, most of the viruses are just slight modifications of the original code. So we can look for the common code and behavior.
eWeek: But that doesn't always do the trick, either.
Chen: No. Catching the pattern is not the ultimate solution. But it helps. We caught the Anna Kournikova virus before it hit any of our customers because it came from that [Kalamar] engine. From analyzing the viruses, we can spot new patterns.
eWeek: So you're always playing catch-up with the virus writers, then?
Chen: In some ways, we're just guessing and playing chess with them. Writing a virus is like smashing something with a hammer; we try to put it back together again.
eWeek: What kind of viruses do you expect to see hitting networks in the future?
Chen: The encrypted and polymorphic ones give us trouble because pattern-matching won't catch those. But I expect to see some mixed attacks. Someone may mix a virus with BackOrifice. Or if someone mixed a hacker agent with polymorphic code and a script virus. Those are the scary ones.
eWeek: What about mobile viruses?
Chen: There are two types of mobile viruses: applications like LibertyCrack and e-mail viruses. We've already seen some e-mail ones in Japan, so it's out there.