The CEO of Check Point Software Technologies expects the sophistication of virus writers to improve--but he's not particularly worried about the Internet's ability to withstand major attacks.
"As much as I'm a security vendor and I like people to buy more security products, you have to realize that the Internet is not in bad shape," he says.
To be sure, customers have hardly stopped buying Check Point's security products. Earlier this week, the company posted better-than-expected third-quarter earnings and raised its outlook for end-of-year sales. The company continues to register strong demand for its virtual private network, firewall and management products.
But Shwed is managing his company at a critical juncture. Check Point now contends with competition on all sides.
Is the fight to provide security getting any easier?
No, I don't think it's getting any easier. I think it's getting more complicated.
Why? Is it because end users are still not doing what's needed? Or is it because of increasing sophistication among the bad guys?
It's both, and it's also the fact that our dependency on networking is increasing. Think about it: Ten years ago, if somebody attacked your network, you probably wouldn't even notice, because most of your network would have been connected through Novell. The fact that there were a few computers connected to the IP (Internet Protocol) network or to the Internet wasn't a bad thing. Today, if you have a small disruption to the network or to the connection, it affects the entire organization. Attacks spread very quickly.
What's your big challenge for the rest of this year, into 2005? Where is the front line of the battle?
Is the weak link the network administrator? Is it because administrators are less than scrupulous about putting updates in the system, thus leaving themselves open?
No. I used to be a network administrator, and when I am downloading software to my system, I still can't tell for sure if it's safe. For instance, I have to trust CNET when I am using Download.com.
What fraction of the attacks you intercept are from the outside, and what fraction are from internal computers?
It comes from all directions. One user getting is enough for an entire network to get infected. The other thing to remember is that a lot of it is about the policies companies use. A company that says, "If I buy enough technology, it will protect us"--that's definitely not enough.
Since 2001, there have been several major attacks on the Internet. Some have argued that it's only a matter of time before we see a real meltdown or real catastrophe. What's your view?
Like everything, it's a matter of probability. I think the Internet has a very resilient architecture.
As much as I'm a security vendor and I like people to buy more security products, you have to realize that the Internet is not in bad shape. We have millions of people on the Internet. Companies today depend on the Internet, and their uptime is pretty high.
What do you think the arrival of
It's good that SP2 is here, but I don't think it changes anything significantly.
Why do you think it's been so challenging for Microsoft to get its arms around security?
My view, as a technologist, is very simple. Go back 20 years or so, in terms of the operating system. There were and . Unix was extremely simple, extremely powerful and easy to master. You could have gone to the Unix kernel and made changes and introduced new applications. Every Unix programmer knew all the APIs (application user interfaces), because they were very simple.
The VMS approach was the opposite. Everything you wanted to do was available there. It was very, very powerful but extremely complicated. Everything was a big bureaucracy. For everything you wanted to do, you needed to read 50 pages or 100 pages of manuals to learn how to do it. Microsoft historically picked the VMS approach. It actually hired the same guy who was in charge of VMS development.
Yeah, and they got a pretty complicated system.
Microsoft has done wonders to bring computing to every user, but its system is not there, internally. Externally, to the user, it's a completely different story, but internally, that's why it's susceptible to so many bugs.
Do you see Linux as inherently more secure because it's based on Unix?
Unix has had a certain period in which to accumulate a very large amount of complexity.
And it is more complicated.
Linux picked up some of that, too.
That's true. I don't think that either Linux or Unix is error-free. But if you look at the level of sophistication, I still think that the complexity of Unix and Linux is still simpler than Windows.
When you look at security problems, one of the ways that viruses typically work is that they find some new channel that hasn't been monitored. What are some of the channels out there that are relatively vulnerable right now?
I think hackers will try to find anything, just like we found the recent bug in JPEG files.
Do you think criminal penalties for virus authors should be substantially increased?
I think that for any technology person, going to jail or being confined to home--whether it's for one month or for two years--that's a bad record, at least in Western countries.
I think the main issue is not the level of the penalty but rather the fact that penalties are enforced. Law enforcement is catching as many people as it can. The biggest problem is that most of these crimes are not considered crimes by too many people.
Is the problem, then, that we just have not created a strong enough deterrent?
That's one of them. The other is the fact that this is a global market. If somebody breaks into an office, the police here have all the forces they need to deal with it. With this, you are talking about something with which law enforcement simply doesn't know how to deal. The laws weren't written to handle the Internet.
To catch somebody committing an electronic crime, you need to do it within a very, very short amount of time. If you look at how the police work, investigating a murder crime can take two years. But if you take two years to investigate a computer crime, there's nothing left around. Even if you record the most amount of data, in two years, nobody will tell you which IP address belonged to which person over one night.
No, I think it makes it only worse. We support IPv6, but it is a much more complicated system. The reason the Internet was successful was because it was designed to be simple. The more complicated you make things, the less likely they are to be widely deployed. The more performance, the more problems you are going to have--and IPv6 is complicated. People have been trying to deploy it for eight to nine years now, and there's still a very low acceptance rate.
Do you think it will be more brittle, more prone to attack or just prone to random breakage?
If you look at an IP packet, it's extremely simple, and yet people still find hundreds of ways to exploit that. If you look at an IPv6 packet, it's at least 100 times more complicated. So there are more places to introduce bugs and vulnerabilities. If it took the Internet 20 years to build the good network that we have today, with IPv6, it is going to take longer.