“I’m sick of viruses and malware”, Adbulhayoglu told Infosecurity at last week’s SC Congress in Manhattan. The CEO of Jersey City-based Comodo, a digital certificate vendor and desktop security provider, has taken issue with the way the current desktop security industry operates, especially its anti-virus offerings.
“You cannot have an industry that you pay $10 billion for, yet the problem keeps getting bigger and bigger”, said Abdulhayoglu.
“You pay $3 for some headache pills, and you take them and the headache is gone”, he continued. “[We] pay $10 billion to solve a malware problem, yet the malware still is there and getting bigger. Why? Because there is no business model to mitigate that risk.”
Abdulhayoglu believes that as long as major AV companies have a business model of making more money off of infected customers, then there will be more malware. He added there is no motivation to really protect against the malware threat.
In an effort to reshape the traditional desktop security model, in 2010 Comodo began offering a warranty of up to $500 toward repair costs for a machine infected by malware while using its Comodo Internet Security (CIS) 2011 security suite. It was a first for the security industry Abdulhayoglu claimed.
Then the self-proclaimed “idealist geek” gave Infosecurity a recount of history. Abdulhayoglu recalled that the invention of printing went hand-in-hand with many of our most significant technological achievements. “The internet is printing on steroids”, he asserted.
“We are sharing and retaining information at a rate that has never been seen before”, he added. “It is my duty as an engineer, and a geek, that this revolution succeed.”
The Comodo president said this will not happen if you try to charge people $60 a year for a product that does not work, while you only paid $300 for the computer. “Just like you don’t go pay $5000 to change the oil in your car that you paid $15 000 for. This is why some people still don’t use anti-virus, and others who do still get infected.”
He agrees that anti-virus, of and by itself, is one of the more useless security tools available today. He says that marketing of anti-virus has changed the perception of the product. Abdulhayoglu contends that AV is a cleaning tool, not a preventive one. “The way that it works is still reactive, it still looks for signatures”
His company uses a “default-deny” architecture in its desktop security suite, and “whitelisting is one small tool to make it work from a usability point of view”. The sandbox feature of the architecture allows unknown applications to run in the sandbox while the app is submitted to Comodo for analysis. This is especially meaningful for consumer users, who tend to comprise a more fluid environment for unknown apps when compared to enterprise customers.
He says this default-deny architecture works in the consumer market, giving as evidence his more than 35 million customers. Abdulhayoglu is so confident in this security framework for the consumers that he can go to the enterprise segment and offer the same insurance against infections.
“For the first time ever, your security is aligned with the vendor’s business model. You get infected, it costs Comodo, whereas with other models, it does not. This has not been done before.”