Recommended: Click here to improve PC speed »
IT security is one of the most dynamic segments of the IT market, with anti-virussoftware traditionally featuring at the top of the list of the market players. Manyhabitually think that the worldwide web is teeming with viruses against which apowerful shield is needed. Meanwhile, Igor Danilov, the developer of the legendaryRussian anti-virus, Dr. Web, sees the anti-virus software market as a huge bubbleexisting solely due to PC usersÂ' fears. In his interview for CNews magazine (itse-version is www.cnews.ru), Mr. Danilov, IT- director with  Doctor Web and theguru of the Russian anti-virus industry, shares his views as to what a reallyefficient anti-virus software package should be like, why Dr. Web has released itsmonopolistic grip on the market, and how a company may hope to survive and continuedeveloping while counting on more than sales growth alone.
You were among the founders of RussiaÂ's anti-virus software market. Has thesituation changed a lot since then?
When it all began, there was no market at all; actually, there isnÂ't any today,either. There have been attempts to create something of the kind; and yet, todayÂ'santi-virus market is one huge bubble  both here in Russia and worldwide. In thelate 1980s and early 1990s, when the first viruses appeared, every other programmerwas busy developing anti-virus program. That was fairly easy and didnÂ't take toomuch time to do. You had a virus  you added a signature, or else a control sum,then you scanned a file for the virus body, notified the user, and that was that.Later it turned out it was not enough to merely notify the user, so curingtechniques began to be included in the anti-virus packages. ThatÂ's where a bigqualitative leap occurred, leaving many home-made virus developers dissatisfied withthe quality of their products and removing a huge number of viruses from the scenefor good.
That evolution brought to the forefront a group of IT leaders who were able to dothe full-fledged virus detecting and curing. In mid-1993, the first polymorphicanti-virus instruments appeared. At about the same time, Dr. Web became widelyknown. In 1993-1997, not more than a couple of new anti-virus software packages weredeveloped, and by the end of 1997, five top players had taken the market under theirfull control, making our subsequent work pretty dull: with the expansion of theInternet services, virus technology grew ever more primitive. Delivering a virusfrom point A to point B became very easy: you no longer had to use sophisticatedtechnology to conceal the virus body. The profit-thirty anti-virus developers weresort of taken hostage: the outwardly good anti-virus tools they offered wereactually no good at all because they were only effective against primitive viruses.Their inability to crack more sophisticated ones was somehow overlooked amidst a seaof trivial viruses plaguing the web.
TodayÂ's situation at the market is indeed deplorable. The majority of tools offeredtoday cannot be identified as anti-virus software proper; it seems, at best, thatthey have been developed by pretty bright high school undergraduates each of whomclaims to be  the leader . The threshold level of admission to the anti-virus clubhas dropped considerably, with primitive script virus fighters coming to the fore tolead the way.
Why is it that the hi-tech Dr. Web package, which ten years ago accounted for 95percent of RussiaÂ's total anti-virus software sales, has lost its monopolisticposition?
I would tell you more: ten years ago I would hardly ever find a PC with alternativeanti-virus software installed on it. Our product was so popular that many of todayÂ'sself-proclaimed  leaders use technology merely replicating Dr. Web. Very manysoftware programs in Eastern Europe and South-East Asia are actually driven by ourengine. All the university students from those regions who studied here in Russiaduring that period had in-depth knowledge of our technology. The West, though, hadits own technology leaders, and promoting our products there was out of thequestion. There were two of us, anti-virus software developers, fanatically devotedto our work. We had only one task to fulfill and one challenge to meet  that is, toinvent the worldÂ's best defense against the worldÂ's most sophisticated virus. Butthen the 1998 financial crisis broke out, leaving us penniless and leading to thecollapse of the market at which we worked. At the same time, it opened up tremendousopportunities for the shoot-off of a group of those who actually had no technologybut were eager to earn money on IT with a modest dollar amount to support theminitially  and with some interest on the part of Western companies, into thebargain. As for us, we found ourselves faced with the problem of how to survive, nothow to develop.
Why is there no talk at all about defense against sophisticated polymorphic viruses?Does this mean only a few of the anti-virus software packages used today are capableof resisting really serious virus threats in real terms?
IÂ'll give you an example to answer your question. A little over a month ago, a newvirus appeared. Nothing out of the ordinary, but an exceptionally good one,considering todayÂ's level of virus technology. Formerly, viruses used to be a lot more complicated. Now, we looked at the new virusclosely and everyone agreed: yes, a good one indeed. So we wrote a detection programand forgot all about it. But a whole month has passed since then, and there isnÂ't asingle anti-virus tool in the world that can detect it. None of those  leaders whoclaim to use the worldÂ's best technology can detect this virus. ItÂ's indeedridiculous: our company has been accused of creating the virus itself, deliberately like, Dr. Web is taking pains to promote its products that way. Finally I made apublic statement saying:  Ah, well, we did invent that new virus only because we hadnothing else to do! Some must have taken the message seriously because a number ofusers asked us to provide an anti-virus cure as well. Just think of it: none of the leaders can even detect that virus, and we are supposed to provide a cure! And nojoke cure it must be, because they use the XTA algorithm which is as hard to crackas DES. Actually, we have been approached with that request not only by users of ourown software but also by other anti-virus vendorsÂ' clients. I would tell them,  Youguys have vendors of your own, right? Ask them to provide you with at leastdetecting tools!Â
Why are all the major market players keeping mum? Is none of those who know who thereal technology leaders are willing to purchase an excellent engine  or maybe theentire company as well?
Well, they are willing to buy, and we have heard many offers. Or, rather, we hadmany offers  until recently. Those who have been in the market for quite some timeknow all too well that Dr. Web is not for sale. I donÂ't need to sell it. Why? IÂ'vegot a good business of my own that yields enough money for me to enjoy by life. Myobjective is to keep on improving our technology and do my best to make life for mycompanyÂ's personnel as enjoyable.
You wouldnÂ't want to do that under the auspices of a global corporation?
No, why? You know, living in the country is real fun. Moreover, I know exactly whereI belong in the world anti-virus hierarchy. Everybody in the anti-virus softwaremarket knows that there are only five companies worldwide that offer technology oftheir own. The rest steal it from others.
What would you describe as a really good anti-virus instrument today?
There are many evaluation criteria. One is the ability to detect sophisticatedpolymorphic viruses without any exception. While testing our product we make, say,10,000 copies of one and the same complicated virus. If at least one of those isleft undetected, itÂ's an emergency for us, and we send our anti-virus tool back forre-development. Besides, thereÂ's another important criterion: an anti-virusinstrument must excellently perform its basic functions without irritating the user.It must not scale down your PCÂ's efficiency notably, or shout like one mad everyother second that it has saved your system again from imminent destruction, and soforth. And thereÂ's the remarkably workable system of myths and rumors to be takeninto consideration. If someone says that  this vendorÂ's anti-virus tool fails todetect everything , word will go around immediately  you know what I mean. ItÂ'slike buying a door lock  the heaviest, the most sophisticated, and generally, thebest and most expensive  and then hearing on TV that it can be opened with ahairpin in a couple of minutes, which means it is no better than an ordinary one,worth $3. Therefore, the sole reliable criterion is quality. Unfortunately, it canonly be tested on your own skin.
There are scores of  anti-virus quality ratings today, like  This product detects99.95 percent of known viruses . What do you think of those?
ThatÂ's pure marketing. In the first place, the very figure of 99.95 percent seemsquestionable. All those tests are held like this. Say, you have a large collectionof viruses of which each must be detected. If at least one virus is left undetected,the entire software product cannot be called anti-virus. In case of unknown viruses,it is totally unclear how to calculate the percentage of detected viruses. Besides,methods of testing may vary. For example, you may download what you call a  virusdump from the Internet and try to clean it up with an anti-virus. The resultingefficiency factor would hardly be higher than 90 to 92 percent. But what kind of avirus collection would that be? It would be one containing huge numbers of brokenfiles, binary viruses, etc. These being unworkable viruses, why waste time trying todetect them at all? My position in that respect is pretty rigid: I never deal withtrash or add it to my databases. Meanwhile, many anti-virus vendors have wonconsiderable publicity working with this particular kind of collections. I do notmean to say thatÂ's bad; thatÂ's just one way of doing business. But the question ishow relevant all those ratings are. I deliberately exclude all that rubbish asirrelevant; but then it turns out that Dr. Web fails to detect everything. Is itgood or bad, you may ask. Well, judge for yourselves.
Here is one example to illustrate it. A French partner once called us to askangrily:  Why do you sell a product ranking only 17th in the world? It turned outthat a respectable British computer magazine had published a rating list ofanti-virus software in which Dr. Web ranked as low as 17th. I then called thatmagazineÂ's editor to ask what evaluation criteria they had applied.  Those data arenot ours; they were supplied by a third party, he said. Finally, we tracked downthat  third party  a teenage virus collector living in Greece. The guy really wentmad with delight hearing a real vendor speaking to him on the phone. Asked about hisevaluation criteria, he said he had tried a variety of anti-virus tools on his viruscollection, giving a certain number of points for various functions.  Who ranksfirst according to your list? I asked. He mentioned a vendor commonly known to useanother companyÂ's engine. And the engine developer itself, a company offering itsown software, turned out to rank much lower. Is that fair? This situation can beextrapolated to a wider context. Say, if a company has suggested a methodology ofits own and succeeded in establishing itself as the image-making vendor, all theother vendors will be expected to use that methodology  or risk being listed amongthose whose products are only 80 percent efficient.
Regrettably, those ratings will affect a companyÂ's image, whether you like it ornot. The worst thing is that they create negative attitudes on the part of users.WhatÂ's to be done about it?
Nothing. ThatÂ's why I call the anti-virus market a bubble. ItÂ's up to the userhimself to judge whether an anti-virus tool suits him or not. Besides, our companyshould care about its reputation. It helped us survive through the crisis and keepon developing; we have lots of respectable partners and the number of users hassteadily grown. ThatÂ's the sole reliable criterion. We know all too well that itÂ'sno use  ordering a high rating because a vendor with larger sales may order threesuch ratings. Anyway, the user would be left misguided and defenseless. Therefore,we need to uphold our reputation. This can be done, specifically, by sticking to ournot-for-sale policy. Big money can be beaten by still bigger money, whereas goodsoftware is unbeatable.
How can an end user find a  really good anti-virus instrument?
ThatÂ's very difficult, especially today. The users are scared. They are constantlythreatened with viruses, other dangers, and innumerable Trojan worms trying hard tosteal their data. This atmosphere is created by some anti-virus vendors in the firstplace. ItÂ's like the situation with the birdsÂ' flu: some say a pandemia isinevitable, and we all will die. Horrific, isnÂ't it? Some people give way to panicbut others stay cool, hoping it isnÂ't as bad as that, after all. Keeping the usersscared and persuading them that only your product can protect him against anytrouble is a very clever idea. A person will buy your anti-virus software, althoughhe may never catch a virus at all and never know how efficiently your product works.Quite often, we have had to clean up thousands of viruses after an alternativeanti-virus toolÂ's operation.
I, too, have some anti-virus software  not Dr. Web  installed on my PC. If youscan it for viruses and detect a thousand or so of them, and given they have notbothered me at all, are those viruses really as nasty as they are described?
A good question. Well, no, they are not that nasty. I always say if you have noconfidential data in your computer, you generally donÂ't need an anti-virus tool.What harm can be done to your PC if thereÂ's nothing to spoil? Oh, well, it may growa bit slower. But if this doesnÂ't hamper your work, you may as well forget all aboutit. If you only use your computer for playing games, should you really waste moneyon anti-virus software? But if you think of all those passwords, an anti-virus toolmay come handy, after all. Besides, your computer may be turned into a zombie forspamming, etc. ItÂ's the same way with a personÂ's health: if you are fit and strong,you will not want to start taking pills. But you will most likely take vitamins tostay healthy. For an end user, anti-virus software is a kind of such  vitamin .
While selecting your anti-virus system, donÂ't look at any of those ratings becausethey are based on  laboratory testing. They take a collection of  dead viruses andtest a variety of anti-virus tools on them. Each tool  sees a virus, reports: Danger: virus detected! and goes on with the scanning process. In real life, it isdifferent. You work on your PC, enter a website and  there you are!  you arealready infected, with some process suddenly grabbing 70 percent of your machineÂ'scapacity. With anti-virus software installed, you feel okay. Otherwise you rush tobuy it. And it doesnÂ't matter which  probably, one offered by some of the leaders . But there are just a few anti-virus tools in the world that can beinstalled on your infected PC. The rest wonÂ't allow the setup function to be enabledbecause of the resident virus, and you will have to reinstall the operation systemfrom scratch. Everything becomes clear at once. But none of the  leaders has everdone this kind of testing, although Boeing once pointed to the problem. They donÂ'twant to do it  itÂ's too big a headache.
An anti-virus tool can only detect a virus if it  knows it. Meanwhile, many vendorsat the information security market have spoken about proactive defense.
If you refer to various behavioral technologies or the tracking of potentiallydangerous processes, Dr. Web proposed a number of solutions in the relevant areas asearly as in 1993, winning some prize and an invitation to attend CeBIT.
Some producers have gone as far as saying that they will incorporate an anti-virusfunction into their IDS/IPS or program solutions, which will eliminate anti-virussoftware as a class. Is that possible?
Their words cannot be taken seriously. Any complex solution is bound to be weak inat least one of its functionalities. We have tanks, and battleships, and fighterplanes today. But we also still have the Kalashnikov. If thereÂ's a loophole, a viruswill be sure to use it. And a complex solution will always leave such a loophole.Creating a perfect product is impossible, especially on the basis of a dozenspecialized, narrow solutions. Very few people have asked whether or not thecomponents  those specialized products  are good enough. While trying hard toprotect our customers as efficiently as we can at each step, we are fully aware ofthe fact that we cannot possibly guarantee invariably high quality. We know we canonly do this and that, and we walk the talk. For example, we protect Unix and Novellbetter than anyone else.
But what if some huge company buys the best of those specialized solutions with aview to producing a  perfect product?
You canÂ't buy each of them. But you can well buy an engine. Why not, if this isbeneficial for both us and our customer? Our engine drives a variety of anti-virusinstruments, and we earn money on it. For example, Korean Airlines and many othermajor clients use our anti-virus software  in a variety of wrappings.
Your devotion to principle seems to be a major barrier to business. Where is thedividing line between scientific interest and commercial interest?
It is very hard to feel. Honestly, we have often made mistakes rejecting somethingas irrelevant and then coming to realize we had lost a major opportunity. ItÂ'salways been that way. Gains alternating with losses  thatÂ's life.
And how about maximizing your sales?
What for? Setting this kind of goals is not exciting. What can we buy with thatmoney? Some believe we can buy freedom. Freedom from what, one may ask. Will we feelfree flying wherever we like, eating and drinking whatever we like, or livingwherever we choose to? Sometimes, a person who has planted and harvested potatoeswith his own hands feels much freer than that. Alexander the Great wanted to beburied with his hands outstretched. Having conquered half the world, he wanted totell everyone:  Look, I havenÂ't taken anything with me. Money, money, money Manypeople today believe that anything goes when it comes to moneymaking. What about atleast some moral norms and values? We are interested in developing our technology,in doing something new. We want to engage in creative activities. This is one of ourmajor values.
