Sanjay Katkar - Quick Heal your PC!
As engineers, we are responsible for the well being of the world. When it comes to the well being of the on-line world; we all rely on software that protects us from viruses, malware & spyware. We all are thankful to the engineers who work round the clock to make sure all our computers (and even mobiles) are safe from attacks.
Quick Heal is a leading provider of anti-virus and Internet security tools. Founded in 1993, Quick Heal is actively involved in research & development of anti-virus tools.
We are extremely proud and happy to have Mr. Sanjay Katkar, Co-Founder & CTO of Quick Heal Technologies for Small Talk. We hope you will find answers to most of your questions in our Small Talk with Mr. Sanjay Katkar -
CE: Sir, you are the Co-Founder & Chief Technology Officer of Quick Heal Technologies. Please tell us more about your job.
Mr. Katkar: My job involves keeping track of latest Internet Threats, new malwares and the technologies which today’s cyber criminals and hackers use to penetrate the system and to come out with technology to fight against it.
I would say my job is to help computer users to protect their computers and information stored in it using the latest technology in IT Security. My job also involves doing research on new platforms that are released to verify from security point of view how vulnerable they are.
CE: How did Quick Heal start? Why did you decide to work on anti-virus software?
Mr. Katkar: While I was doing my graduation, I was having keen interest in anti-virus research and virus analysis. During my post graduation studies I developed some utilities to protect my computer from the viruses of the time. My elder brother Kailash was running his business of Computer Maintenance and Repair at that time. He suggested me to bring out those utilities combined as product. This is when first version of Quick Heal was born. After completing my studies I worked to develop full featured anti-virus software which was released as Quick Heal Anti-Virus 3.0 during 1994-95.
CE: Could you please give us the technical insights on how antivirus software works?
Mr. Katkar: Answer to this question can be quiet lengthy and varying depending upon the depth desired by the readers. In below reply I have tried to give basic overview of how AV software works by listing various components and their functionality.
Full featured Anti-Virus software consists of several important modules like, Scanner, Real Time Protection, Email Protection, Memory scanner etc. Combination of all these modules gives complete protection to the system. At the core of all these modules there is Anti-Virus engine which serves the purpose of virus scanning. It’s a very powerful multi-threaded, multi-tasking engine that can scan file/folder/buffer for any kind of malwares and threats in very efficient way.
Each of these modules are quite complex in functionality and integrates with the respective part of the operating system to provide protection. Like Real Time Protection is based on file system driver at its core. It intercepts all the file activities happening in the system and makes sure that the file that is being accessed is clean. Email protection is based on network and communication driver at its base which intercepts the email communication to scan all the emails that are being sent or received.
Most important component the Anti-Virus Engine consists of lots of modules like file format identification and parsing, un-archivers and un-packers, signature scanners, emulators etc. In simple words AV Engine’s primary task is to scan a file for virus and presence of other malwares by, first scanning it for presence of virus definitions (signatures). After that engine also applies various scanners on the file based on the type of the file and the contents of the file. Like polymorphic virus detection engine, generic malware symptoms detection etc. Also there is a component in most of the AV engines called as heuristic scanner which is also applied on the file for detection of new unknown malwares.
I hope my reply give enough insight into the AV product and satisfies the readers.
CE: What technical knowledge should an engineer have in order to work in the field of antivirus technology? Does it involve deep knowledge of operating systems?
Mr. Katkar: Anti-Virus technology has changed a lot over the period of time and now it has taken a bigger shape of security system with lots of different security aspects covered under it. As newer security threats are being discovered daily the scope of the AV security system has grown multi-fold. To counter against all these threats one needs to have deep knowledge of the part of the system that is being targeted. As such it is very difficult to have any single person to have deep knowledge of all the aspects of the operating systems along with different technologies that are used today.
So there is scope for all those who are having deep knowledge of any of the aspect of operating system or networking. It can be file system, networking, file formats, memory management, reverse engineering, malware analysis, vulnerability analysis, messaging etc.
You are right most of the development (90%+) needs deep knowledge of the OS concepts and specifically through knowledge of the part on which the engineer is working on. It can happen like the engineer having deep knowledge of file system may not have any knowledge of reverse engineering etc.
CE: Tell us about the worst kinds of virus/Trojans/worms you have encountered at Quick Heal. How did your engineering team respond to such threats?
Mr. Katkar: Now a days most of the malwares are worst for us since cyber criminals are earning through their hacking activities, they are making sure they remain undetected for longer time to achieve their motive. To do this they end up using/deploying best of the tools and malwares to carry their act. So the latest malwares have best of the packers, encryptions, vulnerability exploits that keep on making detection difficult.
If you are looking for specific names for the worst kind of virus/Trojans/Worms let me tell you that most complex technique the malware uses the less popular it becomes. But the simplest of viruses had become very popular and wide spread. So the names that I am going to mention may not be familiar as they are not popular but were the worst kinds of malwares.
The polymorphic and metamorphic categories of malwares are worst and to name a few that had troubled most of the AV vendors are :
One Half, Natas (for DOS OS)
W32/Marburg, W32/CTX, W32/Crypto, W32/Zmist, W32/Etap ( for Windows OS)
To have proper on time detection on such complex malwares our malware analysts have to keep on innovating new reverse engineering techniques. Many times it takes a group of engineers’ collective efforts to reverse engineer the malware part by part and reach to some conclusion. Whenever such situation arises our team works day and night until they finish of the malware to logical conclusion of detection and come out with update for our users.
CE: How does quick heal offer an edge over its competitors?
Mr. Katkar: Every body at Quick Heal from office assistant to top management works as a team by giving their best. Our focus has been customer satisfaction where we constantly verify or make sure what is it that our customers are looking from us as a security vendor and do everything that is needed to satisfy those needs. We had never paid much attention to competition in this whole process.
CE: Quick Heal offers antivirus solutions for various UNIX flavors. What are the types of viruses that affect UNIX based operating systems?
Mr. Katkar: There are viruses on UNIX and UNIX-like operating systems which generally use the ELF executable file format. UNIX has seen various types of malwares like shell-code based, scripting based, ELF file infecting viruses, Email spreading worms and even root-kits. More over UNIX platforms which is more popular at sever level is the right place to intercept conventional Windows based malwares and threats as well.
CE: We are thankful to you for spending time with us. What is your message to our CEans?
Mr. Katkar: That’s a tough one. To all software engineers my advice is that the cyber crime scene is really getting worst as these criminals are going to any extent to break the applications and gain access or what ever their intent is. All those who are working on commercial applications and technology please keep the strong security angle at every level of software engineering. From design phase till testing phase one should have security aspect in the process. Especially for test engineers please test the applications from security point of view as well. For more on this please refer to the book from Microsoft on The Security Development Life Cycle by Michael Howard & Steve Lipner. It’s the fantastic book to begin in thinking on this direction. By doing so we cannot avoid getting hacked but at least make the bad guys job more tougher.
Thank you very much for considering me for Small Talk. I hope my answers are helpful to some one. If you have more doubts or queries I can be reached by sending email over my first name followed by at quickheal dot com.
CrazyEngineers is thankful to Mr. Sanjay Katkar for sparing his time for Small Talk with us. More about Mr. Sanjay Katkar can be found here - www.quickheal.co.in