Interview with Nick FitzGerald, Emerging Threats Researcher, AVG Technologies and Impulse Gamer

Before working AVG, tell our readers a little about your history? 

I worked in the computer centre at the University of Canterbury, in Christchurch, New Zealand for about ten years as a consultant.  I mainly covered PC support issues and was responsible for overseeing the Help Desk the last couple of years I was there. During this time I became quite interested in computer virus and antivirus issues and belonged to several online discussion groups and mailing lists sharing information on related issues.

1997 to 1999 I was editor of The Virus Bulletin, a UK-based journal that specializes in computer virus and antivirus issues at a fairly technical level.  Reflecting changes in the threat landscape, it now also covers broader malicious software (malware) and spam issues. VB also runs and publishes industry-leading antivirus product tests. 

Between VB and AVG, I worked on contract mainly for the antivirus team at Computer Associates.  

What is the best aspect of working with AVG? 

I mainly work with the LinkScanner team who are great to work with, and include some long-time professional friends.  Oh, and I get to work from home!

 How has the threat landscape changed? 

Recently, not that much, other than the sheer increase in volume of malicious sites.  But they're mainly doing "more of the same".  In the slightly longer-term, over the last year or so say, we've seen a otable up-tick in the use of social networking sites.  This reflects the obvious popularity of these sites and the bad guys' recognition of them as increasingly valuable (and lucrative) targets.

What is the biggest threat or "uh-oh" moment in your career working with Internet Security? 

While at VB I commissioned the first detailed analysis of the CIH virus, which initially seemed very interesting for purely "virus geek" reasons.  As a result we were the first to recognize the full scope of its destructive payload -- it would "fry" the victim PC's BIOS making the machine entirely unbootable (leading to its later nickname "Chernobyl").  We finally uncovered the full effects of this just a few days before one of the trigger dates for this payload.

What are the challenges in this industry? 

The biggest challenge is actually effecting change.  We see the results of the labour of a lot of organized crime groups, their minions and affiliate marketing schemes.  We can generally share a lot of data about these activities with relevant local and international law enforcement agencies and the like.  Much of this activity does not even require new law to criminalize it -- for example, fraud is pretty much fraud regardless of whether the action takes place by real world letters and documents, phone calls, email, instant messaging or whatever.  The trouble we commonly run into in trying to bring the culprits to account is the lack of inter-jurisdictional co-operation between law enforcement groups, which often stems from different policing priorities in the different jurisdictions and/or differing evidential requirements.

Are there any downsides? 

If you want a family life, the 24/7 nature of this business may be seen as a downside...

And the frustration of seeing the same thing over and over again.  Well-informed computer security folk are probably the heaviest users of the Santayana phrase "Those who cannot learn from history are doomed to repeat it", but I often wonder why Marx' "History repeats itself, first as tragedy, second as farce" is not more widely used in these same circles.

What are your top ten tips for ensuring PC security for our users? 

Aside from the usual advice such as run good antivirus software and keep it updated, enable auto-updating in your operating system to keep it patched, ditto for your applications like Office (MS or Open), Adobe Reader, Shockwave Flash, etc, etc I've recently been telling people to always remember the following... 

• No-one in Africa wants to GIVE anyone their money or gold.

• Microsoft/Google/a Russian oil magnate/VW/BMW/etc certainly does not want to GIVE anyone money/a car/etc.

• A stunning Russian blonde DOES NOT want to marry you.

• You CANNOT win a lottery you did not enter.

• If it sounds too good to be true, IT IS.

• A web site, Email message, IM or tweet that tells you you need to install security software IS LYING.

• Just because it's in a Google search result or an "ad by Google" does NOT mean it is safe.

• If the options seem to be "Click OK/Run/Install" or "turn off the computer", TURN OFF THE COMPUTER.

• Did your friend REALLY send you that message?  In the age of Facebook, etc can you ever really tell?

• is your friend really as smart about computer security as you think?  
  A. No   
  B. Not at all   
  C. Well and truly not   
  D. ALL THE ABOVE

In your time in the industry, what are some of the worst stories that you have heard or reported? 

People being scammed by the Nigerian 419'ers deciding to go to Lagos to seal the deal once and for all, getting kidnapped when they arrive and then their family face having to pay the ransom demands.  There are reports of people eventually being murdered in these situations. 

Bots storing pornography, particularly child-porn, on the victim computer and this being found, reported to employers and/or law enforcement.  The PC owner/user is subsequently fired, convicted of child-porn charges and so on, when their only "crime" is not being particularly careful in their use of the computer. 

The Julie Amero case where a substitute teacher was left in charge of a classroom with poorly maintained and secured computers. It transpired that the PCs had spyware or adware installed on them, spawning a stream of pornographic site pop-up ads.  Between the pornographic images being displayed and the existence of the malware being uncovered following expert forensic examination after her initial trial, her life was ruined and arguably she miscarried due to the stress of living through all this. 

Will the internet ever be safe? 

If all the computers are turned off or disconnected from it, then maybe...    -) 

But seriously, security is a process rather than an endpoint.  As computer security guru Spaf [Prof Eugene [Gene] Spafford] once said "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." [This is often misquoted with titanium and nerve gas featuring -- see Spaf's page on this and other notable quotes of his http://homes.cerias.purdue.edu/~spaf/quotes.html .] 

The point is that "securing your computer" is an exercise in risk management.  What level of risk are you prepared to face?  How much is achieving that (or a better) level worth to you in terms of money, time and effort, possibly reduced ease of use, etc? 

Where do these threats generally originate from? 

There are two main sources of Internet threats at the moment.  First is poorly configured and secured web servers, often due to the use or misuse of popular but badly written "web applications".  Second is a large user-base that understands neither that they are each system administrators, nor why it matters that they should understand this in the first place.  Both these causes are due to massive over-selling of the notion that popular IT system components are "Internet ready". 

A third major issue which is beyond the control of typical Internet users is that the mechanisms that, ummmm "govern" the Internet are as laughable as they are ineffective.

Why can't the government or governments stop them? 

I can only answer this with my personal opinion which almost certainly does not reflect any official position of anyone else... 

Ignorance and protecting mostly little-understood vested interests. 

That is, the main reasons politicians seldom get anything major right first, second or even third time around.  For now, I'm just hoping that they start working on their first attempt...    

Thanks for your time Nick and all the best with AVG 

Cheers!

John Harrison Interview
Symantec Group Product Manager, Endpoint Threat Protection

INTERVIEW WITH
iCon the Mic King

Welcome fellow Impulse Gamers, now that we have the low down on Acid Music Studio, what it can do with music loops and mixing, I thought it only appropriate to speak to a real professional artist that makes use of Sony Acid products in some capacity as they create their music. Rapper iCON the Mic King has been round the block and still sounding surprisingly fresh with the mix of Rap and hints of soul. With this man it seems like his dedication to his art, is whole. (Making a living at it, can't be half bad either... but if you really listen, the music is a life time, not a past time for iCON the Mic King.

1: First off, thank you for taking time out to do this over the net interview for Impulse Gamer. To kick it off, I have to ask....the music industry is competitive enough,  Granted a music artist has to be freaking good at what they do. But for Rap especially, For a Rapper you have to have some mad skills, it seems you have to really be feeling it or you are not even yesterdays news. How tough is it?

Well it certainly is a lot easier than you made it sound [laughs]! However the struggle for me isn't in the creation of the rhymes it's more in keeping all the balls I have to juggle in the air. In these times with the industry being a lot less lucrative you end up having to wear multiple hats to stay afloat. Even so I don't mind the challenges and I like to think I make it look easy!

2: How did you get your start? What's your best memory of when you first got your start? What's your worst?

My parents moved me out of Philadelphia for high school and rhyming was one of the ways I stayed connected to my "urban roots." I started out freestyling in '95, then started releasing records and hitting the road in 2002 and haven't really looked back. Best memory? Everything was magic when I was first starting I didn't understand all the mechanics of rapping so it seemed like I was dealing with word magicians so every cipher, every show, and battle was amazing to me. You can still hear those ethics I learned from then in the way I write. I guess my I just loved how fast in my case that the student became the teacher. Worst memory? I don't like focusing on negatives [laughs]!

3: Jumping around a bit here, since we are tying this interview in with Mixing and sequencing on Sony Acid Music Studio, I understand that no matter how good your system is, if the Mic is crap, it just ain't happening. Between some of the basic Microphones such as a Dynamic or Condenser Microphones also have a number of different pick up patterns. (Cardioid , omni directional, and figure eight pattern...) Are there certain types you find yourself using? Do they help in that sound your trying to get?

Honestly I don't get that in-depth with it. I have a Rode NT-1A condenser mic I record everything in Acid then I hand it over to my main producer Chum the Skrilla Guerilla and he works his magic in Acid and SoundForge. He has all the good plug-ins and the know how. Truthfully I would want something warmer like the Blue Baby Bottle mic. I'm pretty sure they are both cardoid but as a starving artist I can't really afford it so I just got what I could and I'm lucky enough to have an engineer who is real good at what he does.

4: What do you like the most about Sony Acid Music Studio?

I love how intuitive and easy to use it is. As with the rest of the Sony products once you know one you know them all. It makes it very easy for me to whip up custom instrumentals and intros for my shows and even make a beat or two if I feel like it. It's especially easy to record myself. I arm a track and hit ctrl + r then jump in the booth. It's kinda funny to watch.

5: I have to admit, I was more than a little surprised at some of the intricate string intros for such songs as Drifting with the tide ft. awar. That is some really masterful stuff going on. How hard is it to keep the bass elements with out screwing up the upper frequencies? (I know mad skills...) How involved is the process?

Vanderslice made that track, I'm not sure the process that went into it, however I know from watching Chum mix tracks it's pretty much a guess and check process. You generally have an idea of what will work from all the experience with the program but even so you have to play around with the various assignable effects until it sounds the way you want it to.

6: Speaking of the arrangements, some artists do it all as they go, some start out with it, while some even dread it and leave it for the very end. Do you have a process you stick to? Or is it different every time?

I generally have an idea of what events I want to happen in the beat as I go however a lot of the times those ideas don't mesh with the producer's ideas and we'll argue it out but we'll arrange the beat roughly and then fine-tune it once all the vocals are laid and manipulated. Sometimes if a beat is arranged in such a definitive way when I get it I'll just write directly to it so there no post-arrangement at all but the former happens a lot more than the latter.

7: Is there a song that you created and are not particularly happy with, and if you could, you would take it back.... And Why?

[Laughs] If I say that then all the readers of this interview will go download it so I should just lie and say a song that I really like. There's plenty of songs I have that I don't like anymore because I outgrew them in one way or another. I loved them all when I made them though so that's gotta count for something. I don't think I'd take anything back however I did kick around the idea of re-recording some songs and re-releasing them as a record called "Revisionist History."

8: Tell us, if you can of your latest project...

I just released the first set of songs in my "Headphone Classics" series. The songs are "Drifting with the Tide,” “Fall from Grace,” and Sparks Fly. All songs feature my dude Awar and are produced by my man Vanderslice. We did videos for “Drifting...” and “Fall From Grace.” Headphone Classics is a series of songs I’m going to be releasing quarterly as a way to give the fans new music and videos regularly without having to reduce myself to making mixtapes.

9: Thank you so much for taking time out for this, now open floor. What would you like to tell your fans and your soon to be new ones?

Thank you for taking the time to shed some light on the best rapper ever. [Laughs] Thank you (the reader) for taking some time to check me out. Feel free to find out more and stay in contact at:
www.iconthemicking.com
facebook.com/iconthemicking
myspace.com/iconthemicking

I’m So Good At This! Peace!

How about that Fellow Impulse Gamers?

You can also check out iCon The Mic King on iTunes, just search for iCon The Mic King. If you do not have iTunes yet, get it at www.apple.com

Have fun, play games, be creative!
Edwin Millheim

ZERO ONE
CHRIS MICHAELIDES
1st of July 2009

Impulse Gamer recently spoke with Chris Michaelides, the project manager from Zero One whose team was responsible for the development of the 3D movie for the A Day Pompeii exhibition which is currently on display at the Melbourne Museum. Zero One have also created award winning cutscenes for games such as Space Chimps, Jumper and Wanted to name a few.

With 6 developers working on the project which lasted 6 to 7 months, the end results were truly spectacular and really allowed the viewer to understand what that fateful day for Pompeii may have been like. Unfortunately it is estimated that over 2000 people died on August 24th, AD 79 and eight body casts of the Vesuvius victims will be on display in Melbourne.

Before engaging in this project, the team needed to research not only the area where it occurred but key elements such as lighting and how the pyroclastic flow interacted with the real world. The team worked in collaboration with the Melbourne Museum to ensure the accuracy of the presentation and interesting enough, there was never any lava present during the eruption of Pompeii.

Trent, the Art Director informed Impulse Gamer that Google Earth was used in terms of lighting which allowed them accurately recreate the lighting before and after the rupture of Pompeii. The main software package used to create the 3D movie was 3DMax Studio with a variety of professional plug-in such as Rayfire to accurately portray the pyroclastic surge, including Max Particle and After Burn.

To create the 3D appearance of the movie, three layers were created to give the illusion of 3D with every scene needing to be set dressed. Using state of the art computers and software to create this movie, the amount of storage required to create such a presentation was quite inspirational as the film itself ran into terabytes.

Zero One worked in collaboration with Mick Gord (Game Audio Australia) who came up with the majestic soundtrack of the movie, including the sound effects and music for the exhibition. The most challenging aspect of creating such as a complicated short film was that the project was quite time consuming and there were some lighting issues that needed to be resolved.

Other challenges included the layers and creating that 3D effect, however Jay noted that seeing the final production come together was definitely the most rewarding aspect. As both Zero One and the Melbourne Museum own the rights to this movie, they are hoping to lease this movie to Singapore when the exhibition moves their after New Zealand.

After seeing the final presentation at the exhibition, the end result is truly spectacular and the 3D effects work wonders in immersing you into one of the world's first recorded human tragedies.

The painstaking research and work that the development team of Zero One have put behind this project truly assists in transcending this exhibition to the next evolutionary stage and makes this exhibition a first. Amazing!

MELBOURNE WINTER MASTERPIECES
A DAY IN POMPEII
Melbourne Museum 26 June - 25 October 2009

MELBOURNE Australia. - June 21, 2009 - The Hon. Lynne Kosky, Minister for Arts and the Melbourne Museum open the latest exhibition of the Melbourne Winter Masterpieces, A Day In Pompeii. The media and guests of the Museum were treated to a media preview of not only the artifacts of Pompeii itself but also the story of this doomed city.

The exhibition was officially opened by Brett Dunlop (Manager, Melbourne Museum, The Hon. Lynne Kosky and Dr. Patrick Greene (CEO, Museum Victoria) who gave the media a brief history of the significance and importance of this exhibition, historically and also to the city of Melbourne.

The Hon. Lynne Kosky mentioned Pliny the Younger in her speech, one of the witnesses of the eruption of Mount Vesuvius who wrote letters to historian Tacitus about this event. In relation to Melbourne, this will be the only city in Australia that will hold this exhibition and it will ultimately bring thousands of visitors, from Australia and aboard to the Melbourne Museum to witness this spectacular display.

With over 250 objects on display that include gold jewellery, gladiator armour and other archeological artifacts, the exhibition goes beyond just the artifacts by helping the visitor understand what life in Pompeii was like through interactive multimedia presentations and even a 3D movie showcasing the last days of Pompeii. The exhibition hall has even been designed to look like certain parts of Pompeii to truly immerse you into this ancient city.

The speakers also thanked Dr Antonio Varone, Soprintendenza Speciale per I Beni Archeologici di Napoli e Pompei who assisted the Melbourne Museum organise this epic exhibition. Three years in the making, this exhibition will take viewers on a journey back in time as they experience this remarkable culture that was in essence frozen in time.

The story of Pompeii began on the 24th of August 79 A.D., which would have this city forever captured in time. During the middle of this day, around 1pm to be precise, Mount Vesuvius began its deadly eruption and although many fled the city, thousands also lost their life when the deadly pumice and thick volcanic ash overwhelmed this city. 

In the letters of Gauis Plinius Caecilius Secundus, he wrote ... a cloud of unusual size and appearance... being like an umbrella pine, for it rose to a great height on a sort of trunk and then split into branches ... We also saw the sea sucked away... so that quantities of sea creatures were left stranded on dry land. This man would ultimately become the link from the ancient world to the modern through his eye witness account.

Interesting enough, Pompeii is probably the only archeological discovery that has a real emotional tie to the visitor due to the almost statue-like remains of the inhabitants. A handful of these body casts are on display which were made from the original "body" tombs of this human tragedy.

Those who stayed behind in Pompeii would have died a horrendous death as they inhaled the hot gas and ash. You can even see the suffering on their faces and their bodies. After the pumice and ash, the rain would have turned this ash into mud, hence creating human statues that are now on display at the Melbourne Museum. It's almost as if Medusa herself looked at these people with her deadly serpents.

Victims clutched each other and shielded each other from the ash that rained from the heavens. It's truly a moving experience seeing these body casts and a memory that will be with you forever. Even after thousands of years, the link between the visitor and those who perished are very strong.

The exhibition also shows a pig and a dog who would have died in excruciating circumstances from their body shapes. Ironically, after two years, the Romans could not find the city once it was buried and it was not until the 1700's that it was discovered again.

The exhibition also explains to the visitor about volcanoes and interestingly enough, the volcano responsible for the destruction of Pompeii has not erupted since 1944. Highlights of the exhibition, include Gladiator armour, gold jewellery, including a bracelet given to a slave girl from her master, a marble bust of an unknown woman, cast of a guard dog, still wearing his bronze collar, two young women clutched together and an amazing assortment of coins from this era.

Before this event, Pompeii was an affluent city which was the home to many wealthy families. Rome was a remarkable civilization which used toilets, had water systems, make-up for women, illegal gambling and a rigid government under the auspice of the "Gods". It was the apex of civilization at this time.

Breathtaking and remarkable describes this exhibition perfectly

A Day in Pompeii is presented in association with the Soprintendenza Speciale per I Beni Archeologici di Napoli e Pompei (SANP) and costs $20 for adults, $14 for concession holders, $12 for children and $54 for a family.  

 

Interview with Roger Thompson, Chief Research Officer & Karel Obluk, Cheif Technology Officer AVG

1. Electronic viruses have been around for a considerable amount of time, what methods does AVG use to keep on top of the cyber criminals?

From the web side, we spend a lot of resources "putting things together". For instance, when we find one exploitive or hacked site, we like to see what else it can tell us. This is quite a complex business, but one example is that if a site is shooting _one_ exploit, it might be shooting other exploits, and we like to see what else might be there.

Once you find something that the Bad Guys are doing at one site, it is almost certain that you'll find the same stuff at other sites.

2. Why do you think people create viruses?

They have no life. Just kidding. It certainly used to be that kids (mostly) wrote viruses to show their friends how smart they were (mostly), and they mostly grew up and got a job and a mortgage, and found something better to do, and stopped.
These days , it _is_ their job, and they're not going to stop until they can't make a living at it.

 3. Originally, PC's were dominated by viruses and Trojan horses,  now we've seen keyloggers and unfriendly cookies, what do you think  the next threat will be for computer users?

Well, I've been convinced for a couple of years now that the web is the new battleground. The reason for this is that even the basic firewall in Windows XP does a pretty good job of keeping out worms and bots, but when you start a web browser, it creates a tunnel thru the firewall, because it starts from a trusted place ...._inside_ the firewall. If you visit a website of hostile intent, the code is able to get thru the firewall to the computer itself. If you're not patched, you're probably nailed.

4. In your professional opinion, do you think there will be ever a >day when the operating system will no longer need viruses?

I don't think the operating system needs viruses now, actually. :-) I'm just kidding... of course you meant "no longer needs an anti virus". The answer there is a resounding "No". I've been doing this for 20 years, and the only thing that's certain is that the Bad Guys keep re-inventing themselves.

>5. What is the most difficult security challenge that AVG has faced?

We have not seen any major virus outbreaks since MyDoom back in 2004. However, the biggest challenge for us is the continuous exponential growth of malware attacks. Each year, the volume increases by the factor of three or more. So for us, the most difficult is to have our researchers analyse the ever increasing flow of malware and our infrastructure to process the data and deliver in a timely manner to more than 60 million users worldwide.

6. PC versus Mac versus Linux. Do you believe there is one operating system that is superior than the other?

Define "Superior". Seriously though, there are pluses and minuses in all operating systems, including available of applications, security, target base. It depends what you want to do with the computer. I'm happy enough with Windows, myself.

7. Walking into the realm of science fiction, do you think that a virus or the like actually be beneficial if you could rework it?

Heh. It's an old argument and the answer is always "No". Not unless we're trying to hack into an alien computer, but you need a Mac for that. By definition a virus is _self_ replicating code. That means it's deciding where and what to infect... not you.

8. How does AVG ensure that their internet security programs are less resource intensive than the big three anti-virus companies?

No silver bullet here. Simply put, we always have this criterion in mind when designing new features and integrating new technologies. Ease of use and user friendliness are always on the top of the list of our design guidelines, even it means more complicated implementation for us or will take longer to deliver the product.

9. Is there such a thing as the perfect virus?

No.  All software has bugs. There's no such thing as a perfect _program_, including the underlying operating systems. This is part of the reason why there is no such thing as a Good Virus. It's hard enough to get computers to work properly all the time without adding viruses to the mix. If something starts playing up on your computer, what do you blame? The program that's playing up? Or the virus that
has attached itself to the program.

10. What do you believe are the reasons for operating systems, especially Microsoft based system for their internet flaws?

It's simple really. Security and functionality tend to exist in an inverse relationship. In other words, the more "functional" or usable you make something, the _less_ secure it tends to be, and vice versa.

Microsoft is a really successful company, with a large client base, and it is successful because it listens to its clients. The clients want "features" or extra functionality.

11. What are your top 5 tips for internet users to protect their PC's?

(1) Patch, and allow auto patching
(2) Get an anti exploit scanner, and keep it up to date
(3) Get a good anti virus and keep it up to date
(4) Make sure your firewall is switched on
(5) Be careful... it's a bit like the Wild West out there

12. Have you ever had a virus or the like on your personal computer?

Well, I always have _lots_ of viruses, but one has only got away once. In 20 years, it's not too bad.