Best Antivirus Speaks to Intego's Chief Security Analyst
Joseph Steinberg Interviews Joshua A. Long - Intego’s Chief Security Analyst
Joseph Steinberg: So, Joshua, how did you start your journey in cybersecurity? How long have you been in the field?
One of my earliest memories of being exposed to cybersecurity was in the mid-1990s, when it was not uncommon for students to trade software via floppy disks or IRC (Internet relay chat) that claimed to be able to disconnect anyone from their dialup Internet connection. Around the same time, I became aware of a thought-provoking book about polymorphic computer viruses; it compared them with real-life organisms and their ability to adapt and evolve.
Later, in the early to mid-2000s, peer-to-peer file sharing became increasingly common and was often used for music and software piracy. Although I was a Mac user, my Windows-using friends and associates started asking me for help fixing their PCs, which had mysteriously slowed down. It turned out that they were infected as a result of downloading Trojan horses, spyware, and adware—which had become more of a problem than traditional computer viruses. (Of course, these days Mac users are just as likely as Windows users to encounter such threats.)
Around that time, I decided to pursue a master’s degree in IT. With all the fascinating things happening in the world of computer security, it was clear to me that the most interesting master’s degree specialization I could choose was Internet Security.
Security was always a major focus of my previous career as an IT manager and director of technology overseeing enterprise networks; I’ve done everything from endpoint security and digital forensics to defending networks and safeguarding data, and more.
Joseph Steinberg: What do you specialize in at Intego? How did you get into that area of infosec?
I play several roles as Intego’s Chief Security Analyst. Among other things, I work with our team of malware hunters and analysts to identify and research new threats, I write articles and white papers about our research, I do public speaking about cybersecurity at conferences, I co-host Intego’s weekly security and privacy news podcast, and I host and produce videos about the latest security news and threats.
Prior to working at Intego, I began blogging and podcasting about tech and other topics in the mid-2000s, and I began focusing specifically on writing about security in 2009. Before I transitioned to working full-time for Intego in 2018, I had been producing articles, podcasts, and videos for Intego as a side job since 2012. When the opportunity opened up to do what I love full-time for a company I love, I couldn’t pass up the chance!
Joseph Steinberg: How are you coping as an organization with COVID-19, and its impact on your company and its operations, remote working in general, and the global economy?
Since the pandemic began, our teams around the globe have been following local guidance to safely work from home when needed. The transition to remote work has overall been rather smooth for us, partly because our teams were already accustomed to interacting with colleagues in multiple international offices. By and large, Intego operations have not been negatively impacted by the pandemic.
Joseph Steinberg: Other than COVID-19, what are some of the biggest challenges to cybersecurity that you see today?
There are a number of significant challenges in the security field today.
One series of related examples has to do with passwords and authentication. It is widely known that passwords are problematic; if they’re memorable, they’re generally insecure. If they’re long and unmemorable, then there is either a temptation to reuse one password for many services (which is bad), or else the user must record all their unmemorable passwords someplace only they can easily retrieve them (while preventing unauthorized parties from accessing them). Thus, nowadays a password manager is virtually required, and given the importance of keeping passwords safe, one must try to choose one that is designed well and made by a trustworthy developer.
Phishing, which has been a problem for many years, often leads to the exposure of a password to a malicious third party. The world has also learned through countless data breaches that many sites and services don’t even properly store passwords—or rather, password hashes—in the first place. The frequent public exposure of passwords is one reason why reusing the same or very similar passwords across multiple services is such a bad practice. All of these issues make passwords by themselves a less effective means of protecting important accounts, so multifactor authentication has become essential.
And yet, not every service offers two-factor authentication—and many services that do offer 2FA only offer SMS-based one-time codes, and SMS has serious problems of its own (such as SIM hijacking, for example). Sites and services will gradually adopt safer and more secure methods of multifactor authentication, but currently there remains a lot of room for improvement. For now, if a service’s only two-factor option is SMS, go ahead and enable it in spite of its imperfections; SMS-based 2FA is still securer than merely using a password without a second factor.
Joseph Steinberg: Fast forward five years and then ten years – what is going to be going on in the world of cybersecurity?
We will continue to see more advanced attack scenarios in the coming years that are increasingly difficult for the average person to fully comprehend and mitigate, such as the exploitation of speculative execution vulnerabilities in microprocessors, or vulnerabilities in a mobile device’s secure enclave. IT professionals, as well as every home’s de facto “techie” person, will increasingly need to stay aware of the latest threats and learn how to protect themselves and others.
As for the longer term, early experimentation with quantum computing has already hinted that many of today’s standard security protocols will likely become irrevocably broken and obsolete in the not-too-distant future. Quantum computers designed specifically to break encryption will first become available to rich and powerful entities like government intelligence agencies.
The best minds in cryptography have been anticipating this shift for years and are trying to find plausible solutions to the problem. But even once post-quantum cryptography solutions exist, ubiquitous adoption of almost any technology is notoriously slow and gradual, so we can expect some systems to remain weak and vulnerable for months or even years after quantum computing becomes an active threat to everyone’s security and privacy.
Joseph Steinberg: From your experience, what is the most important thing to consider when buying an antivirus product or endpoint security suite encompassing, among other things, anti-malware technology?
Naturally, there are many factors to consider when choosing a security suite or anti-malware product. One of the most important, and most obvious, is whether it reliably detects malware!
A couple of years ago, before I started working full-time for Intego, I had the opportunity to do some side-by-side testing of several popular endpoint protection solutions to see which ones did the best job at detecting and blocking malware. I was surprised to discover that many of the trendy antivirus solutions actually did a poor job at one of the most basic tasks: on-write or on-access detection of malicious files.
Disappointingly, several popular products did not even have this fundamental feature at all, and actually waited until the user opened a malicious app or manually scanned the entire system before determining whether a file was harmful and deciding whether to block, quarantine, or remove it. A good anti-malware product should detect and block malware the moment that it’s written to disk or accessed—not ignore the malware completely until a user double-clicks on it or manually runs a complete scan of their system. One very popular product refused to detect malware unless a complete system scan was initiated and the malicious files resided in specific places on the drive at the time the scan was initiated.
Anti-malware products that don’t do live, real-time (on-write and on-access) scanning put systems at risk, because much less malware will ever get detected, meaning infected systems will continue to harbor malware. If malware is allowed to stay dormant on an endpoint, this significantly increases the likelihood that a user may unknowingly share a harmful file with a colleague or loved one.
Joseph Steinberg: What advice would you offer to anyone considering buying a security suite for their users?
Avoid trendy endpoint protection solutions that make a lot of flashy claims but don’t offer basic features like live on-write or on-access detection of malware. Products that only detect on-execute or on-scan will leave your endpoints harboring harmful files.
If possible, conduct your own testing to verify the effectiveness of any solution you may be considering.
Joseph Steinberg: Now that people have started to work from home, what would you advise freelancers and companies to be aware of regarding cybersecurity?
For some, the transition to working from home—whether due to employer or government mandate, or due to a job change—has not necessarily been easy. In an age when attacks like zoombombing get coverage from mainstream news media, many end-users have started to become more aware of the need to improve the security of their home networks and devices.
Those who work from home using their own computer should, at minimum, invest in trustworthy anti-malware, outbound firewall, and VPN software to protect their security and privacy. Intego offers anti-malware software for Windows and a complete endpoint protection suite for Mac. For personal VPN protection, we recommend choosing Private Internet Access, CyberGhost, or ZenMate.
It is also helpful—for remote workers and employers alike—to keep aware of the latest security and privacy threats to know how to stay safe and secure. Intego’s security blog and weekly podcast are two great, free resources.
Employers with a mobile workforce should ensure that home workers have the proper tools and training to avoid threats like ransomware and spear phishing. They may also want to look into zero-trust networking technologies to more accurately validate connection attempts from remote workers.
Joseph Steinberg: Are there any other points of wisdom that you would like to share with our audience?
Knowledge is power when it comes to staying safe from security and privacy threats, so it’s important to always keep learning! I suggest subscribing to our informative blog (through which you can sign up for our monthly newsletter) and our fun and insightful weekly podcast, which I co-host. You may notice that these resources cover a lot of Apple-related topics, but even if you use Windows, Android, or other platforms, you’ll find a lot of invaluable privacy and security tips that can benefit all Internet users, so please check them out!