How Security Products Are Made - A Discussion with Bitdefender
One of the topics of interest at 7 Tutorials is security. Not only do we write articles and tutorials about how to have a safe computing experience, but we also review security products on a regular basis. One of the things we wanted to learn more about is how security products are made: what are the steps involved? What are the most important challenges? As luck would have it, we got the chance to meet with Alexandru Constantinescu - Social Media Manager at Bitdefender, who immediately said: "Hey! Why don't you pay us a visit and learn more from our team?" We accepted the invite and today we can share with you an extensive discussion about how security products are made.
Our Discussion Partners
BitDefender is a security company which should not require much of an introduction, at least not to our readers. They are the leading security company in Romania and they develop security products which have received lots of praise and appreciation. Their products constantly show up in lists of top security solutions.
We went to the BitDefender headquarters in Bucharest and had a lengthy discussion with Cătălin Coșoi - Chief Security Researcher (in the picture above) and Alexandru Bălan - Senior Product Manager. They are both very knowledgeable and friendly people, with whom we enjoyed having this conversation.
How Security Products are Made
We did not waste a lot of time on introductions and we immediately started our conversation.
What are the stages you go through, while developing a new version of a security product, such as an Internet Security Suite?
The approach is not really different from your typical software development project. Let's say we just launched the 2012 version of our products. As soon as the launch ends, we start working on the 2013 version. First, we decide on the set of features and changes that will be introduced in this next version.
In order to identify the features that will have a great impact for the next version, we have discussions with several audiences: reviewers, security experts, technical experts and users who are able to give us insights on what works, what doesn't and what could work well in the next version. On top of that, our own technical team gives input based on their expertise and vision of where they would like to take the product. We also do a market analysis to better understand the direction(s) where other companies are heading. Based on all these inputs, we make a call on what gets included in the next version and what doesn't.
Then, we have the development stage, with several test phases included. First, we have an internal preview when we test our pre-beta software. Next, we have several beta stages:
- An internal beta – just like the internal preview, but with a slightly bigger audience testing the product;
- A private beta – where we choose a closed circle of users from outside the company to test the product. We involve up to a few thousand users and we choose people whose feedback we consider helpful. We include knowledgeable users, people with whom we had a longer collaboration, technical experts whose opinion we value, etc.;
- A public beta – it takes place 2 to 3 months prior to the actual launch. At this time, anyone interested can pick up the product, test it and provide feedback.
During the beta stages we fine-tune the product on a continuous basis and, just before launch, we have a small time-window to make the final touches. Then the launch takes place, where marketing, PR, sales and other teams are involved in making the required buzz, while the development team handles any issues that might come up.
Indeed, it doesn't sound different from other software development projects. However, are there any challenges specific to this niche of developing security software?
That would have to be the need for agility in the truest sense of the word. It is key to our niche, more than in any other line of software development. In order to protect our clients' computers, networks and devices, we must be very fast in responding to new threats. Generally, you don't have many new types of threats appearing in a day. Most malware is simply an evolution of older malware and we find it generally easy to deal with this. However, when something truly new comes up, we must act very fast. In only a few hours you have to deliver at least an update to your definitions or heuristics that will keep your clients safe.
It is even harder when, in order to answer to a new threat, it is not enough to update our definitions and we must develop a new feature in our product. This impacts not only the products currently used by our customers but also the new products we are developing.
Let's take for example Facebook. As it grew in popularity, it became a frequent tool for distributing spam and malware. As you would expect, we always had an eye on this social network and monitored the malware links being spread through it and included them in our cloud database. However, we felt the need to develop a new tool that deals with malware on Facebook in a better way. This is how we created the concept for BitDefender SafeGo (a product reviewed also on 7 Tutorials). In the autumn of 2010 we launched the first version of this product and later, it became an integral part of our security products, such as BitDefender Internet Security Suite 2012.
Indeed, a great example. Speaking of BitDefender SafeGo – do you intend to keep it available also as a free product for non-paying customers, as is today?
Yes, this product will be available both in our commercial security products and as a free Facebook and Twitter app. That's because security problems on Facebook will continue to exist and spread. This product helps us identify malware faster and protect both our paying and non-paying customers. Also, we think that making this tool available for free helps raise awareness about BitDefender to customers who might not have heard about us. If they like BitDefender SafeGo, we have a higher chance of them considering other security products we develop.
Any other examples of when great agility is needed?
Another thing we do our best to do is try to spot opportunities for meeting other types of security needs people have, not only your standard virus detection and protection. For example, if you remember the controversy about Carrier IQ – a piece of software installed by many mobile vendors, that was logging information such as location without notifying users or allowing them to opt out. Even though this was not a piece of malware and was preinstalled on your phone by your mobile carrier, many people wanted to know if they had it installed on their phones or not. When we learned about it, it was a Saturday. A member of our team went to the office, spent about 3 to 4 hours and developed a free product from scratch, for Android users. It is called Bitdefender Carrier IQ Finder and it allowed Android users to quickly learn if they are being tracked or not.
Let's talk a bit about cloud computing. We see it used more and more in security products. Some vendors even offer only cloud-based security in their products. What do you think about this approach?
Cloud computing definitely has an important role in the space of security solutions. However, we believe that a hybrid approach which uses both definition databases and the cloud delivers the best results. When only the cloud is used, you are dependent on the Internet connection. If that's gone, the system remains unprotected. Having a mix of malware definitions and the cloud delivers better results in most computing scenarios.
Do you plan to use cloud computing even more in the future? Maybe even take the same cloud-only approach?
Not really. We believe in using those technologies that best fit the purpose. For example, if we want to protect the web browser of a user, then we use only the cloud. Malicious websites are the same, regardless of the operating systems and browsers people use to access them. Also, if there is no Internet access, the user cannot browse the web. Therefore, there is no problem if the cloud protection is also unavailable.
For the antivirus we believe it is best to use both classic definitions and the cloud. The definitions help provide protection when the cloud is not available due to an Internet connection drop-out. Also, they make the behavioral analysis of files and applications run faster than when trying to use the cloud for the same purpose. When our software is doing any kind of behavioral and action analysis, the definitions provide more speed than the cloud does.
Tell us a bit more about the technologies BitDefender uses to protect a system.
In general, in BitDefender products there are three main technologies that are used to secure systems:
- Behave – this monitors and learns the general behavior of your applications;
- Active Virus Control – monitors the actions taken by an application and blocks those which are suspicious or mal-intentioned;
- Cloud – gathers information from lots of sources about malware and updates itself continuously. The data from the cloud is used by almost all protection modules included in our products.
What are your sources for finding and learning about new forms of malware?
We have many sources for learning about new viruses and malware in general:
- Honeypots;
- BitDefender SafeGo, with its support for both Facebook & Twitter;
- The data sent from our clients' computers about infections and suspicious activities;
- Our collaboration with other security providers;
- Public malware databases.
Honeypots. That sounds interesting. Tell us a bit more about them. What exactly are they?
Honeypots are systems we distributed across our network that act as victims. Their role is to look like vulnerable targets, which have valuable data on them. We monitor these honeypots continuously and collect all kinds of malware and information about black hat activities.
Another thing we do is broadcast fake e-mail addresses that are automatically collected by spammers from the Internet. Then, they use these addresses to distribute spam, malware or phishing e-mails. We collect all the messages we receive on these addresses, analyze them and extract the required data to update our products and keep our users secure and spam free.
Let's assume you just identified a new piece of malware. What do you do with it? How do you find out what it does and how to best disinfect a system?
At least initially we are not that interested in learning what that piece of malware does. We are interested to learn if its behavior is suspicious or not, if it is a virus or not. This allows our products to act and do things such as cut access to the network or place that piece of malware into quarantine.
All the new pieces of malware that are identified get sent automatically to our research lab in Iaşi. The team there takes care of deconstructing the viruses, understanding what they do and updating our definitions database with the appropriate information.
Speaking of the research team, tell us a bit more about them and their work on "hacking" viruses.
Well, they are a very specialized team that works in a very closed environment, from all perspectives. For example, we don't want the viruses they work on to get out in the wild or spread into our own network. All of them are security experts skilled in things that vary from encryption to being fluent with multiple programming languages (including Assembly language), knowledge of internet protocols, hacking techniques, etc.
They are in charge of decrypting the code of a virus and updating our definitions databases with the appropriate information. However, before they get to work on creating a definition update on their own, they must go through a lengthy process of training and specialization that takes 9 months. They are not allowed to work with our definition databases on their own until they have gone through all the required training and have proven that they know what they have to do.
Also, we would like to clarify an urban legend, if you would like to call it that way: many believe that the best hackers and virus makers get hired by security companies, including BitDefender. At least when it comes to our company, this is not true. During the hiring process, we filter out all the candidates who have created malware or have done any kind of black-hat hacking.
We prefer to be joined by team members whom we can trust. We want people to join us because they enjoy a great security challenge and do not use their skills and intelligence for selfish purposes. Everyone in our research team can at least create their own virus if not even hack a more complex system. However, they don't do it because they believe it is not the right thing to do and not the correct use of their talents. Also, our company would not tolerate this kind of behavior.
How often do your products look for new definitions on your servers?
Once every 45 to 60 minutes. It is very important for us to have new definitions delivered as soon as possible. Sometimes, if a given situation requires it, we also send push notifications, so that our security products update themselves immediately and don't wait for the scheduled update to take place. We would like to be able to send data as soon as we learn something new. However, that is not feasible from a technical perspective and it would ruin the computing experience of our users. That's why we keep push notifications and updates to a minimum and use them only when it really makes sense.
Do you collaborate with other companies and share knowledge and information about the latest security threats?
Yes, we do. We collaborate with 6 other companies, including our partners to which we licensed our technology, such as F-Secure or G-Data. However, we cannot disclose the names of the other companies.
How much do you invest in the more secondary features, that don't necessarily contribute to enhancing the security of a system? I'm referring to features included mostly in Total Security Suites, such as: Parental Controls, File Backup, File Synchronization, etc.
Obviously, the classic features of a security suite such as antivirus, firewall, antispam, etc., are the main focus of our team's work and receive most of our company's development resources. However, we do have dedicated teams for each of the secondary features we offer in our products and they are staffed as needed, depending on the amount of work required to maintain these modules. You can imagine that we don't need as many people working on Parental Controls as on the antivirus protection engine.
BitDefender has a classic line-up of products: BitDefender Antivirus, Internet Security Suite, Total Security Suite and Sphere, which offers a license for up to 3 users that can use the top security suite you provide, on any platform you support, on an unlimited number of devices. Which of these concepts is most popular with your users? Do they prefer the added features of a Total Security suite or the more classic security products?
BitDefender Internet Security Suite is definitely our most popular product. There are people who enjoy the added features of a Total Security Suite but they are in the minority. However, we've been pleasantly surprised by the success and positive feedback we received for our new BitDefender Sphere product. It seems many people enjoy having a unified security solution that can protect their PCs, Macs and Android-based Smartphones or Tablets. They very much enjoy the flexibility of purchasing just one more affordable license to protect all the computing devices in their homes.
Last but not least, let's talk a bit about Windows 8 and its new Metro interface. Do you plan to offer security solutions designed for the new touch interface? Will you provide separate security products for Windows 8 tablets?
We are definitely working on providing some exciting products for Windows 8 and the new Metro interface. The challenge with Metro is that applications run with restrictions and limited permissions. They don't have full access to the system as Desktop applications do. Therefore we need to find ways to get around that and provide effective protection.
Unfortunately though, we are not at liberty to discuss more specifics about our plans with security products for Windows 8. We will be able to provide more information closer to Windows 8 being finalized and made available.
Conclusion
As you can see from this discussion, developing a good security solution is no easy task. It involves lots of work and knowledge of different aspects of computing, networking and security. We hope you found this conversation interesting and useful in learning more about the whole process involved.
Before we close this article, we would like to thank BitDefender for sending us this invitation and giving us the opportunity to have a very interesting conversation with some of their best specialists.