Ted Schlein, investor with Kleiner Perkins Caufield and Byers, built one of the first anti-virus products at Symantec. Today, he says the likes of Symantec and McAfee will run out of gas if they don’t get rid of their anti-virus divisions.

“They will either need to realize their core anti-virus business is going away and make massive shifts, or they will continue to lose market share,” said Schlein at the RSA Conference in San Francisco this week. “You’ve got to change with the times. You can’t be static in security,” he said.

The security community is starting to look down on anti-virus technology simply because such tools don’t get any better until you get hacked. Traditionally, anti-virus software looks at digital signatures to determine whether or not the file entering your system is malware or safe. But it only learns that bad signature if it has seen it. Any new pieces of malware slip in under the radar.

Companies like Symantec and McAfee are running the risk of becoming irrelevant if they don’t change course. Both companies dabble in mobile security and are trying to figure out the answer to the bring-your-own-device (BYOD) trend. But Symantec, as Schlein noted, has more pressure to pivot than McAfee, which is owned by Intel. In the end, Intel can decide what to do with McAfee’s technology — and employees — whereas Symantec is still independent.

Other companies have tried behavioral anti-virus techniques, or studying the typical actions a piece of malware performs to stay relevant. For the most part, however, the overall anti-virus market seems to be slowly becoming the kid no one wants to play with.

“I believe security has to be done from the inside out, not outside in,” said Schlein.

He also said we should do away with firewalls. In fact, he won’t invest in any. Instead, he said, we should focus on protecting the information on the inside of the system — care less about what gets into our systems and more about stopping it from executing once it’s there.

This is especially important in the days of automated attacks, which Schlein said are some of the scariest threats in the industry today.

Botnets are able to storm your system, they’re cheap to use, and they don’t require much heavy lifting on the criminal’s part. Botnets are a huge threat because they let hackers be fast and more economical in attacks, say against banks, that could lead to big financial gains.

Schlein suggests the industry forget about firewalls and instead build “botwalls” that don’t try to keep the bots at bay but instead break them down once they’re on the inside.

“A botwall will be able to figure out these automated attacks,” he explained. “You need to look at these automated bots and how they work. You’re not trying to stop a bot from executing, you’re trying to stop a bot from being successful.”

Image via Meghan Kelly/VentureBeat

Microsoft antivirus software Security Essentials failed a test by the well-known AV-Test institute, which issues out certifications for the most reliable antivirus programs.

The test on Microsoft’s antivirus product found that it only protected against 71 percent of the zero-day attacks tested and 92 percent of malware “discovered in the last two to three months.” But, of course, Microsoft isn’t buying it. The tech giant released a blog post yesterday saying it tests its own products based on “customer impact” as opposed to whether a malware sample “hit or missed.”

Joe Blackbird, a program manager at Microsoft’s malware protection center, wrote the post saying that only 0.0033 percent of its customers “were impacted by malware samples not detected during the test.” Blackbird also called out AV-Test for not using malware samples in its zero-day attack tests that actually attack Microsoft computers.

“AV-Test’s test results indicate that our products detected 72 percent of all ’0-day malware’ using a sample size of 100 pieces of malware,” said Blackbird in the post. “We know from telemetry from hundreds of millions of systems around the world that 99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test.”

He also cited a presentation given at a recent security conference that said conducting antivirus tests is difficult.

If you’re concerned about your own antivirus software, you can check out the 22 products that did pass AV-Test’s mark. Thankfully, a number of them are free and can be downloaded from the provider’s website.

hat tip CNET; Lock image via Shutterstock

Mikael Sallnert, a Swedish businessman, was sentenced to four years in jail today for aiding a scareware scam that raked in around $71 million by tricking people into downloading bogus anti-virus software.

The U.S. Department of Justice and the FBI arrested Sallnert in Denmark nearly a year ago, after discovering the scareware scam. A statement from the DOJ says that around 960,000 people fell victim to the fraudulent software offer. The scareware used pop ups when a person visited a website to offer free virus scans of their computer. Once the victim accepted the offer, the scareware would lie and say there were a variety of trojans and other malware on the system. Then it would push its fake clean-up software, which would cost victims up to $129.

Sallnert would then push these credit card payments through the correct channels to get the money to the criminals.

“As an established businessman, this defendant put a stamp of legitimacy on cyber criminals,” said U.S. attorney Jenny A. Durkan in a statement. “He was involved in defrauding thousands of victims, and his actions contributed to insecurities in e-commerce that stifle the development of legitimate enterprises and increase the costs of e-commerce for everyone.”

Sallnert will also have to forfeit $650,000 — likely the amount he took from the scam.

hat tip The Verge, Jail image via Shutterstock

Facebook serves anti-virus software to over 30 million people through its AV marketplace — a function you probably didn’t realize Facebook had. The company added seven new security companies to the mix today that will not only provide virus protection but will also help Facebook build its security tools.

The eight new anti-virus providers are Kaspersky, Total Defense, Webroot, Avast!, AVG, Avira, and Panda. They join Microsoft, McAfee, Symantec, TrendMicro, and Symantec.

The marketplace originally launched in April and gives Facebook users a variety of anti-virus software downloads as well as Facebook tips, a security guide, and updates on current threats. The downloads are free, but you’ll be prompted to pay after a six-month trial run.

In addition to providing free anti-virus software to Facebook users, these eight companies will also help Facebook develop its “URL blacklist system.” Facebook will be able to query the companies’ databases of viruses and malware to detect infected websites before users click on them.

The social networks says the system looks through trillions of links daily. And it seems the partnerships won’t stop there.

“Whenever you click a link on our site you are protected both by Facebook and 13 of the industry leaders in computer security,” said Facebook’s security team in a blog post. “We will be cooperating with these partners more in the future and look forward to announcing new tools soon.”

Separate from the anti-virus marketplace, Facebook also opened up a phishing “hotline.” Really, it’s just an email address, phish@fb.com, where users can report phishing attempts on Facebook. Still, phishing is one of the most commonly used ways to steal personal information. It’s important that the big guys like Facebook are paying attention to it.

Virus image via Shutterstock

Seventeen percent of personal computers around the world are not using anti-virus software, or as McAfee’s co-president Todd Gebhart puts it, “walking around naked on the Internet.”

The anti-virus creator and research firm recently performed a study of 28 million non-Apple PCs across 24 different countries, finding that one in every six computers has either no anti-virus software installed, or the current anti-virus software has expired. The United States falls into the top five vulnerable countries with 19.32 percent of computers at risk, along with Mexico at 21.57 percent, Spain at 21.45 percent, Singapore at 21.75 percent, and Japan with 19.35 percent.

Finland, however, had the least amount of unprotected computers at 9.7 percent.

This is a surprising statistic as it doesn’t include Apple computers at all. It’s not a secret that Windows PCs are extremely susceptible to malware, and unprotected PCs are almost certain to get a virus over its lifespan.

Indeed, 2011 was widely considered the “year of the hack,” and cyber attacks are only set to rise up in frequency. Not to mention, if this is the number of unprotected PCs around the world, there must be significantly more unprotected Apple computers.

For some time, consumers believed that Mac computers were impervious to the trojans that plague Windows PCs, but this isn’t true. As the market grows, so will the cyber criminal’s interest in attacking the machine.

We’re starting to see malware, such as the Flashback Trojan, crop up for Mac users. The Flashback Trojan used a hole in Apple’s version of Java to infect a computer and steal advertising revenue from Google. At the time, some estimated that the malware creators made $10,000 a day from the scheme. Apple and security research firm F-Secure have both provided detection and removal tools for the virus, and Apple has since plugged the hole in its Java software.

Oops image via Shutterstock

Stop being lazy and run Software Update already, Mac users. Antivirus company Intego has identified a new form of the Flashback Trojan that is infecting Apple computers through the same Java vulnerability because you’re too “busy” to update your software.

“This latest variant uses no social engineering at all,” said Intego spokesperson Peter James in an interview with VentureBeat. “The problem is that while Apple has patched the vulnerability, people haven’t updated… This is the same problem with Windows.”

Malware writers are still pointing their Flashback spearheads at Macs because of one simple fact: not everyone is going to download Apple’s patch to the Java vulnerability allowing Flashback to enter the computer. As James explained, the previous version of the trojan accessed the computer by prompting people to download a plug-in or enter a username and password into a fake software update field. This version, called Flashback.S, however, is executed immediately when an infected website is loaded.

But it’s not just individual Mac users who are at fault for the continued proliferation of this virus. Indeed, according to Intego, the malware writers are targeting blogs using versions of WordPress that have not been updated to patch its own security holes. James explained that a hacker can put a command into the URL of a website that allows the person to insert files onto the website, without the website owner ever knowing. Those files, the Flashback Trojan, are then passed on to your computer when you access the blog.

“Since the beginning of this whole flashback ‘epidemic,’ they’ve changed methods several times,” said James. “These people are tenacious and they know what they’re doing. These are people who understand how Macs work under the hood.”

But why are cyber-criminals increasingly targeting Macs? Well, it’s obvious that Macs are gaining market share — go to any college campus Starbucks and you’ll think you’re in a metallic orchard. But, as James said, “Mac users have less experience with viruses as Windows users.” They’re also much less likely to have protective antivirus software on their computers to catch these threats.

Naturally, Intego notes that its own antivirus software can clean up the Flashback Trojan mess if it exists on your computer. We’ve reached out to F-Secure to see if its clean-up tool is still relevant for this new variant.

Trojan horse image via Shutterstock; hat tip The New York Times

A group of Anonymous members based in India has stolen the source code for Symantec’s anti-virus software. The security company confirmed the attack today after viewing the small amount of code released by the group, Lords of Dharmaraja, this morning.

Symantec, which creates anti-virus software for businesses and consumers, discovered the potential hack on Wednesday when the group posted about its newest trophy on an Internet forum. At the time, Symantec believed only some documentation on source code for software built in 1999 was compromised. According to Symantec spokesperson Cris Paden, who spoke with VentureBeat over email, the cyber criminals posted a segment of code on the same forum, which led Symantec researchers to confirm the code’s theft. It turns out the source code is of two outdated enterprise-grade anti-virus products built just five or six years ago. No consumer products have been compromised.

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” said Paden. “Furthermore, there are no indications that customer information has been impacted or exposed at this time.”

This is the second attack focused on Internet security companies performed by the hacker collective, Anonymous. The group recently infiltrated the servers of security analyst firm Stratfor stealing over 9,000 credit card numbers and other personally identifiable information. At the time Anonymous threatened to use the credit cards to make donations to charities as part of its vigilante appearance. In general, Anonymous doesn’t have a unified agenda, but it seems embarrassing security companies by infiltrating them and stealing credit cards and code is the flavor of the week.

The two products in this attack, SAV 10.2 and SEP 11, have either died out or now run on new code. SAV 10.2 is still serviced by Symantec, but is retired software, no longer in production. SEP 11 has since been recoded to become SEP 12 and SEP 12.1. The company says its servers were not hit directly. Instead, the code was stolen from a third party source, which Paden says  Symantec is still looking into and cannot give out further details.

“Symantec is working to develop remediation process to ensure long-term protection for our customers’ information,” said Paden. “We will communicate that process once the steps have been finalized.”

Anonymous image via Shutterstock