The Comodo CEO has gone on record as stating that the anti-virus industry is broken as practiced by most vendors, requiring a game-changing shift in the approach to desktop security.
“The anti-virus industry today does not share samples in real time”, which is to the detriment of its end-users, Abdulhayoglu said. His company has created a platform called DACS [Distributed and Collaborative Scanning] that allows users of other anti-virus software to share scans – and malware samples -- with the rest of the world.
Infosecurity asked the Comodo CEO why this lack of intelligence sharing is so pervasive among security vendors. Marketing gimmicks among anti-virus vendors, whereby they sometimes claim exclusive ability to detect a particular virus, is akin to harboring a criminal. “To me, this is unethical”, he added.
In the digital world, Abdulhayoglu believes viruses are the equivalent of a real-world criminal, and anti-virus vendors release details on the malware signature only “once it has become irrelevant”.
“This is why you have viruses infecting tens of millions of people on a daily basis – because the solution we have is not even a solution”, he lamented. “It only can see part of the problem.”
Abdulhayoglu has attempted previous efforts to standardize the sharing of malware detection across the anti-virus industry, and many companies – among them Webroot, Microsoft, and CheckPoint – came to the table.
“Unfortunately, the most important companies in the AV industry [McAfee and Symantec] didn’t turn up. These guys are not interested in self-regulation”, he continued. “These people are not interested in doing what’s right, in my view. They are simply interested in continuing to make money.”
“What would happen if the FTC looked into some of the marketing statements of a McAfee, Symantec, or Kaspersky?”, Abdulhayoglu asked. At some point, the CEO opined, they “will be caught red-handed”.
Of course, Comodo does make claims about the effectiveness of its products, but Abdulhayoglu was quick to point out that his company backs up these assertions by insuring its users with a policy underwritten by Chubb.
“Yes, we make claims, but we put our money where our mouth is and back it up with insurance”, a policy he contended is possible because of Comodo’s sandboxed or “default-deny architecture”.
“Comdo’s mission is to become the security and trust layer for the internet”, Abdulhayoglu said in parting. “We are hell-bent on making sure this occurs.”
"If you do what's ethical, there are always ways of making money", he added. "To me its unethical to be the only industry that's worth $10bn with zero security standards. It's just plain wrong."