AVG's CEO JR Smith explains the social-networking threat to users and the data-based business model
Social-networking sites are letting their users down over security, according to the CEO of AVG.
Following a string of scams on Facebook and a hacking attack against Twitter, AVG's chief executive, JR Smith, has called for the social-networking sites to take security more seriously.
We sat down with Smith to find out what the industry must do to protect users and to get his thoughts on how Facebook is threatening web companies' collection of user data.
Q. Twitter and Facebook have been frequently targeted by hacks and scams lately. When it comes to security, do you think that these sites are letting their users down?
A. We know they are. We block 5,000 threats a day on Facebook. And when we find really big ones, we’ll call. Our chief scientist knows their side pretty well by now.
I think Facebook is coming around to the fact that it needs to do something. It has a huge security department. It's not taking it lightly, but when you’ve got 500 million people on that platform and you’ve opened it up for developers, it’s hard to know [what's going on].
While Zuckerberg is trying to create this great community, he’s going to be the single guy that kills it
[Founder Mark] Zuckerberg, all he wants to do is make everything public. He’s stated that openly. He’s going to be the worst thing that’s happened to people’s ability to do stuff online, because he keeps going out and saying "I'm going to make everything public.”
He’s got the EU commission saying it may force companies to have agreement from the user to store any information about them, or make them dispose of it, or just ban it altogether. And the Department of Justice in the US is doing the same thing.
So while Zuckerberg is trying to create this great community, he’s going to be the single guy that kills it, because legislation will be passed that stops you from collecting data and it will damage Microsoft’s business model, Google’s business model, Facebook’s as well as ours.
All the information we collect is for detection. If the EU says we can’t do that, detection’s going to drop to like 12%. That’s pretty scary.
Q. AVG 2011 has some new social-networking protections. How do they work?
A. With LinkScanner, if you post a link to your page, we’ll scan it to make sure it’s not malicious. We’re trying to stop the spread.
In addition, we’ve created a new orange warning – we have yellow, red and green. The orange says it could be a scam site of some sort. When things aren’t illegal, but aren’t necessarily safe, we’ll flash up an orange warning.
Also, if we’re not certain where your personal information is being stored, we’ll warn you. Lots of games and things – "what rock band do I most associate with?" – they ask you for your name, address, different things.
If we can’t see where they’re going to store that information, if it’s behind a blacked-out partition somewhere in China, we’ll warn you that maybe you don’t want to put your information in. We're helping you protect yourself by giving you those early-warning signs.
There’s also some virtualisation behaviour stuff, where if we doubt the link but we can’t tell if its malicious or not, we’ll run it in a virtual environment really quickly to see what it does and then let you proceed or not.
Q. How can antivirus software protect new devices, such as mobile phones, which may not be able to spare the processing power?
A. It goes back to stopping it before it starts. You can have a pretty light bit of kit to do that. Our LinkScanner is a very small package and doesn’t take up much processing time, and 99% of what we see getting on people’s computers comes through the web, so if you can put a 99% filter on a phone through LinkScanner, then I think you’ve done a great service.
We’ve got 110 million people who use the product, and a lot of them are free – a big huge chunk of them are free, which we like
The behavioural engine [which looks for apps doing things they're not supposed to, such as an Excel file trying to access the internet] catches a huge percentage of stuff, faster than signature-based detection.
With the various layers of security coming out, it won’t be long before you can completely remove the AV agent altogether – eliminate the need to evaluate 40,000 samples a day and keep those databases updated, which is the majority of what slows you down.
Q. How long until we no longer need signature-based detection?
A. I give it three years. We talk about it a lot. If we can get all this other stuff working, you won’t need it.
A lot of companies have gone purely cloud, but their detection rates aren’t there, and you have to be connected to the internet for it to work, so you have to have multiple security layers to make it work.
Q. You have a free service as well as a paid-for version. How is that model working for you during such economically tough times?
A. We’ve got 110 million people who use the product, and a lot of them are free – a big huge chunk of them are free, which we like, we don’t mind.
The whole reason that free was pushed out was so everyone should be protected. If consumers want to spend their money on other things, that’s fine.
Our freemium model is what drives the business, and business is growing very quickly, it’s got good margins and we’re very happy.
Q. You said you just want people to be protected - don't most people have antivirus on their PCs by now?
A. We've seen various studies, and we’ve conducted some ourselves, that lead to the fact that 60% of the people who think they have protection actually do and the rest don’t.
While it looks like almost 100% of people have some kind of protection, in reality 40% of those their licence has expired, or the trial expired, or they didn’t install it right.
Even our customer base, who buy our product, 20% of them never get an update. We need to communicate with these people to tell them they've installed it, but it’s not working properly. There’s a huge gap between perception and reality.