"The Anti-Virus Software Market Is A Big Bubble" - says DrWeb Anti-virus author
Released on = May 30, 2006, 10:11 am
Press Release Author = Doctor Web, Ltd.
Industry = Software
Press Release Summary = IT security is one of the most dynamic segments of the IT market, with anti-virus software traditionally featuring at the top of the list of the market players. Many habitually think that the worldwide web is teeming with viruses against which a powerful shield is needed. Meanwhile, Igor Danilov, the developer of the legendary Russian anti-virus, Dr. Web, sees the anti-virus software market as a huge bubble existing solely due to PC users' fears.
Press Release Body = Igor Danilov: "The Anti-Virus Software Market Is A Big Bubble".
IT security is one of the most dynamic segments of the IT market, with anti-virus software traditionally featuring at the top of the list of the market players. Many habitually think that the worldwide web is teeming with viruses against which a powerful shield is needed. Meanwhile, Igor Danilov, the developer of the legendary Russian anti-virus, Dr. Web, sees the anti-virus software market as a huge bubble existing solely due to PC users' fears. In his interview for CNews magazine (its e-version is www.cnews.ru), Mr. Danilov, IT director with "Doctor Web" and the guru of the Russian anti-virus industry, shares his views as to what a really efficient anti-virus software package should be like, why Dr. Web has released its monopolistic grip on the market, and how a company may hope to survive and continue developing while counting on more than sales growth alone.
You were among the founders of Russia's anti-virus software market. Has the situation changed a lot since then?
When it all began, there was no market at all; actually, there isn't any today, either. There have been attempts to create something of the kind; and yet, today's anti-virus market is one huge bubble - both here in Russia and worldwide. In the late 1980s and early 1990s, when the first viruses appeared, every other programmer was busy developing an anti-virus program. That was fairly easy and didn't take too much time to do. You had a virus - you added a signature, or else a control sum, then you scanned a file for the virus body, notified the user, and that was that. Later it turned out it was not enough to merely notify the user, so curing techniques began to be included in the anti-virus packages. That's where a big qualitative leap occurred, leaving many home-made virus developers dissatisfied with the quality of their products and removing a huge number of viruses from the scene for good.
That evolution brought to the forefront a group of IT leaders who were able to do the full-fledged virus detecting and curing. In mid-1993, the first polymorphic anti-virus instruments appeared. At about the same time, Dr. Web became widely known. In 1993-1997, not more than a couple of new anti-virus software packages were developed, and by the end of 1997, five top players had taken the market under their full control, making our subsequent work pretty dull: with the expansion of the Internet services, virus technology grew ever more primitive. Delivering a virus from point A to point B became very easy: you no longer had to use sophisticated technology to conceal the virus body. The profit-thirsty anti-virus developers were sort of taken hostage: the outwardly good anti-virus tools they offered were actually no good at all because they were only effective against primitive viruses. Their inability to crack more sophisticated ones was somehow overlooked amidst a sea of trivial viruses plaguing the web.
Today's situation at the market is indeed deplorable. The majority of tools offered today cannot be identified as anti-virus software proper; it seems, at best, that they have been developed by pretty bright high school undergraduates each of whom claims to be "the leader". The threshold level of admission to the anti-virus club has dropped considerably, with primitive script virus fighters coming to the fore to lead the way.
Why is it that the hi-tech Dr. Web package, which ten years ago accounted for 95 percent of Russia's total anti-virus software sales, has lost its monopolistic position?
I would tell you more: ten years ago I would hardly ever find a PC with alternative anti-virus software installed on it. Our product was so popular that many of today's self-proclaimed "leaders" use technology merely replicating Dr. Web. Very many software programs in Eastern Europe and South-East Asia are actually driven by our engine. All the university students from those regions who studied here in Russia during that period had in-depth knowledge of our technology. The West, though, had its own technology leaders, and promoting our products there was out of the question. There were two of us, anti-virus software developers, fanatically devoted to our work. We had only one task to fulfill and one challenge to meet - that is, to invent the world's best defense against the world's most sophisticated virus. But then the 1998 financial crisis broke out, leaving us penniless and leading to the collapse of the market at which we worked. At the same time, it opened up tremendous opportunities for the shoot-off of a group of those who actually had no technology but were eager to earn money on IT with a modest dollar amount to support them initially - and with some interest on the part of Western companies, into the bargain. As for us, we found ourselves faced with the problem of how to survive, not how to develop.
Why is there no talk at all about defense against sophisticated polymorphic viruses? Does this mean only a few of the anti-virus software packages used today are capable of resisting really serious virus threats in real terms?
I'll give you an example to answer your question. A little over a month ago, a new virus appeared. Nothing out of the ordinary, but an exceptionally good one, considering today's level of virus technology. Formerly, viruses used to be a lot more complicated. Now, we looked at the new virus closely and everyone agreed: yes, a good one indeed. So we wrote a detection program and forgot all about it. But a whole month has passed since then, and there isn't a single anti-virus tool in the world that can detect it. None of those "leaders" who claim to use the world's best technology can detect this virus. It's indeed ridiculous: our company has been accused of creating the virus itself, deliberately - like, Dr. Web is taking pains to promote its products that way. Finally I made a public statement saying: "Ah, well, we did invent that new virus only because we had nothing else to do!" Some must have taken the message seriously because a number of users asked us to provide an anti-virus cure as well. Just think of it: none of the "leaders" can even detect that virus, and we are supposed to provide a cure! And no joke cure it must be, because they use the XTA algorithm which is as hard to crack as DES. Actually, we have been approached with that request not only by users of our own software but also by other anti-virus vendors' clients. I would tell them, "You guys have vendors of your own, right? Ask them to provide you with at least detecting tools!"
Why are all the major market players keeping mum? Is none of those who know who the real technology leaders are willing to purchase an excellent engine - or maybe the entire company as well?
Well, they are willing to buy, and we have heard many offers. Or, rather, we had many offers - until recently. Those who have been in the market for quite some time know all too well that Dr. Web is not for sale. I don't need to sell it. Why? I've got a good business of my own that yields enough money for me to enjoy my life. My objective is to keep on improving our technology and do my best to make life for my company's personnel as enjoyable.
You wouldn't want to do that under the auspices of a global corporation?
No, why? You know, living in the country is real fun. Moreover, I know exactly where I belong in the world anti-virus hierarchy. Everybody in the anti-virus software market knows that there are only five companies worldwide that offer technology of their own. The rest steal it from others.
What would you describe as a really good anti-virus instrument today?
There are many evaluation criteria. One is the ability to detect sophisticated polymorphic viruses without any exception. While testing our product we make, say, 10,000 copies of one and the same complicated virus. If at least one of those is left undetected, it's an emergency for us, and we send our anti-virus tool back for re-development. Besides, there's another important criterion: an anti-virus instrument must excellently perform its basic functions without irritating the user. It must not scale down your PC's efficiency notably, or shout like one mad every other second that it has saved your system again from imminent destruction, and so forth. And there's the remarkably workable system of myths and rumors to be taken into consideration. If someone says that "this vendor's anti-virus tool fails to detect everything", word will go around immediately - you know what I mean. It's like buying a door lock - the heaviest, the most sophisticated, and generally, the best and most expensive - and then hearing on TV that it can be opened with a hairpin in a couple of minutes, which means it is no better than an ordinary one, worth $3. Therefore, the sole reliable criterion is quality. Unfortunately, it can only be tested on your own skin.
There are scores of "anti-virus quality" ratings today, like "This product detects 99.95 percent of known viruses". What do you think of those?
That's pure marketing. In the first place, the very figure of 99.95 percent seems questionable. All those tests are held like this. Say, you have a large collection of viruses of which each must be detected. If at least one virus is left undetected, the entire software product cannot be called anti-virus. In case of unknown viruses, it is totally unclear how to calculate the percentage of detected viruses. Besides, methods of testing may vary. For example, you may download what you call a "virus dump" from the Internet and try to clean it up with an anti-virus. The resulting efficiency factor would hardly be higher than 90 to 92 percent. But what kind of a virus collection would that be? It would be one containing huge numbers of broken files, binary viruses, etc. These being unworkable viruses, why waste time trying to detect them at all? My position in that respect is pretty rigid: I never deal with trash or add it to my databases. Meanwhile, many anti-virus vendors have won considerable publicity working with this particular kind of collections. I do not mean to say that's bad; that's just one way of doing business. But the question is how relevant all those ratings are. I deliberately exclude all that rubbish as irrelevant; but then it turns out that Dr. Web fails to detect everything. Is it good or bad, you may ask. Well, judge for yourselves.
Here is one example to illustrate it. A French partner once called us to ask angrily: "Why do you sell a product ranking only 17th in the world?" It turned out that a respectable British computer magazine had published a rating list of anti-virus software in which Dr. Web ranked as low as 17th. I then called that magazine's editor to ask what evaluation criteria they had applied. "Those data are not ours; they were supplied by a third party," he said. Finally, we tracked down that "third party" - a teenage virus collector living in Greece. The guy really went mad with delight hearing a real vendor speaking to him on the phone. Asked about his evaluation criteria, he said he had tried a variety of anti-virus tools on his virus collection, giving a certain number of points for various functions. "Who ranks first according to your list?" I asked. He mentioned a vendor commonly known to use another company's engine. And the engine developer itself, a company offering its own software, turned out to rank much lower. Is that fair? This situation can be extrapolated to a wider context. Say, if a company has suggested a methodology of its own and succeeded in establishing itself as the image-making vendor, all the other vendors will be expected to use that methodology - or risk being listed among those whose products are only 80 percent efficient.
Regrettably, those ratings will affect a company's image, whether you like it or not. The worst thing is that they create negative attitudes on the part of users. What's to be done about it?
Nothing. That's why I call the anti-virus market a bubble. It's up to the user himself to judge whether an anti-virus tool suits him or not. Besides, our company should care about its reputation. It helped us survive through the crisis and keep on developing; we have lots of respectable partners and the number of users has steadily grown. That's the sole reliable criterion. We know all too well that it's no use "ordering" a high rating because a vendor with larger sales may order three such ratings. Anyway, the user would be left misguided and defenseless. Therefore, we need to uphold our reputation. This can be done, specifically, by sticking to our not-for-sale policy. Big money can be beaten by still bigger money, whereas good software is unbeatable.
How can an end user find a "really good" anti-virus instrument?
That's very difficult, especially today. The users are scared. They are constantly threatened with viruses, other dangers, and innumerable Trojan worms trying hard to steal their data. This atmosphere is created by some anti-virus vendors in the first place. It's like the situation with the bird flu: some say a pandemic is inevitable, and we all will die. Horrific, isn't it? Some people give way to panic but others stay cool, hoping it isn't as bad as that, after all. Keeping the users scared and persuading them that only your product can protect them against any trouble is a very clever idea. A person will buy your anti-virus software, although he may never catch a virus at all and never know how efficiently your product works. Quite often, we have had to clean up thousands of viruses after an alternative anti-virus tool's operation.
I, too, have some anti-virus software - not Dr. Web - installed on my PC. If you scan it for viruses and detect a thousand or so of them, and given they have not bothered me at all, are those viruses really as nasty as they are described?
A good question. Well, no, they are not that nasty. I always say if you have no confidential data in your computer, you generally don't need an anti-virus tool. What harm can be done to your PC if there's nothing to spoil? Oh, well, it may grow a bit slower. But if this doesn't hamper your work, you may as well forget all about it. If you only use your computer for playing games, should you really waste money on anti-virus software? But if you think of all those passwords, an anti-virus tool may come handy, after all. Besides, your computer may be turned into a zombie for spamming, etc. It's the same way with a person's health: if you are fit and strong, you will not want to start taking pills. But you will most likely take vitamins to stay healthy. For an end user, anti-virus software is a kind of such "vitamin".
While selecting your anti-virus system, don't look at any of those ratings because they are based on "laboratory" testing. They take a collection of "dead" viruses and test a variety of anti-virus tools on them. Each tool "sees" a virus, reports: "Danger: virus detected!" and goes on with the scanning process. In real life, it is different. You work on your PC, enter a website and - there you are! - you are already infected, with some process suddenly grabbing 70 percent of your machine's capacity. With anti-virus software installed, you feel okay. Otherwise you rush to buy it. And it doesn't matter which - probably, one offered by some of the "leaders". But there are just a few anti-virus tools in the world that can be installed on your infected PC. The rest won't allow the setup function to be enabled because of the resident virus, and you will have to reinstall the operating system from scratch. Everything becomes clear at once. But none of the "leaders" has ever done this kind of testing, although Boeing once pointed to the problem. They don't want to do it - it's too big a headache.
An anti-virus tool can only detect a virus if it "knows" it. Meanwhile, many vendors at the information security market have spoken about proactive defense.
If you refer to various behavioral technologies or the tracking of potentially dangerous processes, Dr. Web proposed a number of solutions in the relevant areas as early as in 1993, winning some prize and an invitation to attend CeBIT.
Some producers have gone as far as saying that they will incorporate an anti-virus function into their IDS/IPS or program solutions, which will eliminate anti-virus software as a class. Is that possible?
Their words cannot be taken seriously. Any complex solution is bound to be weak in at least one of its functionalities. We have tanks, and battleships, and fighter planes today. But we also still have the Kalashnikov. If there's a loophole, a virus will be sure to use it. And a complex solution will always leave such a loophole. Creating a perfect product is impossible, especially on the basis of a dozen specialized, narrow solutions. Very few people have asked whether or not the components - those specialized products - are good enough. While trying hard to protect our customers as efficiently as we can at each step, we are fully aware of the fact that we cannot possibly guarantee invariably high quality. We know we can only do this and that, and we walk the talk. For example, we protect Unix and Novell better than anyone else.
But what if some huge company buys the best of those specialized solutions with a view to producing a "perfect" product?
You can't buy each of them. But you can well buy an engine. Why not, if this is beneficial for both us and our customer? Our engine drives a variety of anti-virus instruments, and we earn money on it. For example, Korean Airlines and many other major clients use our anti-virus software - in a variety of wrappings.
Your devotion to principle seems to be a major barrier to business. Where is the dividing line between scientific interest and commercial interest?
It is very hard to feel. Honestly, we have often made mistakes rejecting something as irrelevant and then coming to realize we had lost a major opportunity. It's always been that way. Gains alternating with losses - that's life.
And how about maximizing your sales?
What for? Setting this kind of goals is not exciting. What can we buy with that money? Some believe we can buy freedom. Freedom from what, one may ask. Will we feel free flying wherever we like, eating and drinking whatever we like, or living wherever we choose to? Sometimes, a person who has planted and harvested potatoes with his own hands feels much freer than that. Alexander the Great wanted to be buried with his hands outstretched. Having conquered half the world, he wanted to tell everyone: "Look, I haven't taken anything with me." Money, money, money. Many people today believe that anything goes when it comes to moneymaking. What about at least some moral norms and values? We are interested in developing our technology, in doing something new. We want to engage in creative activities. This is one of our major values.