This is a must see for any aspiring musician, music producer or record label manager. Or anyone else for that matter.

First of all, everything he says make sense. It’s just so beautifully simple.

Second, even though I’m in an industry that heavily relies on presentations that sell this is one of the best I’ve seen so far. Only “bad” thing about it is the speed he talks with, but I’m guessing he had to do that to go through ~280 slides in 15 minutes

Third, the points he are making are really chilling from a business perspective if you consider what the recording industry is doing today (threat, disconnect, sue, etc.). What they are doing is the same thing as Bethlehem Steel did in 80-90′s, and that is failing to adapt to a new market.

From an article by Jim Collins, the author of Good to Great:

Compare Bethlehem Steel and Nucor, for example. Both steel companies operated with hard to differentiate products, and both faced a competitive challenge from cheap imported steel. Both companies paid significantly higher wages to workers than most of their foreign competitors. And yet executives at the two companies held completely different views of the same environment. Bethlehem Steel’s CEO summed up the company’s problems in 1983 by blaming the imports: “Our first, second, and third problems are imports.” Meanwhile, Ken Iverson and his crew at Nucor saw the imports as a blessing: “Aren’t we lucky; steel is heavy, and they have to ship it all the way across the ocean, giving us a huge advantage.” Indeed, Iverson saw the first, second, and third problems facing the American steel industry not in imports but in management. He even went so far as to speak out publicly against government protection against imports, telling a gathering of stunned steel executives in 1977 that the real problems facing the industry lay in the fact that management had failed to keep pace with technology.

Anyone seeing the same pattern again? Spot on.

If I was a shareholder in any recording company (which I’m not) I would demand change in management or strategy. Now.

What politicians seem to miss (every time) is that progress is driven by innovation. All evolution of the internet as we know it has been driven by information sharing, and this is getting more evident.

The whole term “The Cloud” proves this fact. This new hype which everyone tries to fit their life or product into really is nothing else than simple sharing between large groups of users.

In the future we will see media, music and art turn more prominent on the Internet than IRL. The companies that stick to old business and distribution models will be left behind and those trying to keep up will prosper. This is not something aggressive, it’s just a fact. No legislation in the world will change this, but it might slow it down.

“The web will own every bit”

What we are now calling the cloud is constantly, and at an increasing speed, growing and becoming more capable and integrated into our lives. Today I’m happy that I can stay connected and share my experiences while traveling in the middle of nowhere, tomorrow I will feel extremely secluded if I cannot do the same thing.

In my opinion, what should be further researched is;

How can we enable people to share more freely?

This is a much bigger and more important question than “How can we restrict people from sharing”, as people will always do that anyway.

The debate on what internet security would look like in the year 2020 at Internetdagarna ’08 made me think.

What will the malware landscape look like in 12 years?

Well, if we look at our history it’s quite hard to see a larger trend as our selection really doesn’t range that long back. Viruses and worms has been present ever since people started networking computers, and some ever longer. However, there has always been a very opportunistic area and the “bad guys” has adapted quite easily to the different challenges we’ve put them up to.

Previously the attacks were almost always aimed at being large scale and make as much noise as possible. We had the CIH virus, Loveletter, Melissa, Blaster, Sasser and so on. This type of malware did a lot of damage, caused a lot of headache, made people cry over lost images and cost companies millions of hours in overtime.

But still no one was really hurt. There wasn’t any money missing and everyone kept their identity for themselves. The game was more or less “See mee! PLZ!” and “1′m 4 b3773r VX-coder than you, mother*beep*, our cr3w rule the w0rld!!!1!!!“. Media attention was the holy grail.

This has changed though.

Some years ago (~5 yrs?) we started seeing targeted, financially motivated, malware and organizations that profited from these directly. Back then the malware authors were still learning and a lot of mistakes could be observed. We may have laughed at their worms that had bugs earlier but today it’s not that funny. They’ve learnt from their mistakes and today their cashflow enables them to do real Quality Assurance on their code.

Today almost all types of malware circulating is financially motivated in one way or another. They are adapting their methods of infection and follow world and market trends to identify the times at which hard distribution is most effective.

As my colleague Sebastian Zabala puts it; “For them it’s ‘Money talks and bullshit walks‘“. In other words, if it does not generate immediate cash return it is not the least interesting and terms as ARPIU (Average Revenue Per Infected User) are being used. This has been the single most dominant motivator for the malware evolution that we’ve seen in the past couple of years.

Several prominent groups has been mapped over the last four-five years, and one of them is the notorious Russian Business Network. They seem to have relocated now, but at one point last year (2007) a very large portion of the malware being distributed was coming from their network. This is probably the same now but from other, more separated, locations that isn’t as easily distinguished.

The methods of distribution was previously very direct and the bad guys were satisfied with the distribution method of one host infecting another but this has also changed a lot. Much of this change is probably motivated by their need to continuosly modify the malware to keep as much code as possible out of AV-vendors signature files. Today, a very large percent of infection happens through web browsers that get exploited by trusted websites. These websites has been hacked in one way or another in order to add HTML that loads malicious code through invisible iframe’s or scripts.

These attacks are made possible by insecure server-side code which enables attackers to do SQL injections for example. We are also starting to see signs of social networking applications being exploited for the same purpose and a possible method of infection here is XSS (Cross-site scripting). There’s a myriad of different attacks on the same theme, but it’s the same thing here really, insecure server-side code with a twist making the client essential. All in the true spirit of Web 2.0.

But the method of infection really isn’t that important. There will always be vulnerabilities waiting to be exploited. If not in insecure code, then in user behavior. Just look at the latest waves of fake security products. These often use social engineering to get installed on it’s victims computers, such as faking a windows desktop and tricking the user to click OK or taking other actions to install the malware. These applications alone are estimated to bring in multi-million numbers to the guys behind them this year.

A couple of years back, malware on the windows platform also started to come packed with rootkits and other methods of concealment. These technologies has been more widely deployed during the last year and we are seeing them being used in layers. For example, the droppers that first reach the systems often do not come with rootkit functionality but load (injects dll’s) themselves into system processes in order to stay hidden. The malicious software pack that is later downloaded more often than not come with real rootkits often in the form of system drivers. My guess is that this is meant to make users believe that once they’ve managed to clean out the malware they are in the clear, but only hours later the dropper sucks down another pack of crap and installs it.

From our (AV-vendors) point of view we are seeing steep increases in the number of samples (different versions of the same malware) being distributed and to cope with this problem we are inventing different technologies that either make our signature less important or help us analyze samples. For example Panda has TruPrevent for behavioral analysis and Collective Intelligence for malware identification and faster analysis.

This race will continue. When we establish an effective countermeasure to their latest move, they will change their business model or malware structure. When they do so, we will change our take on the problem.

So… What will the malware scene look like in 12 years?

Well, I don’t really know… I don’t think anyone really knows.

As technology evolves so will the parasitic creatures that feed upon it. My guess is that the malware will be more user tied and that more of the malicious code will be built upon pre-built frameworks that enable faster development. Maybe this already exist?

The Storm botnet that followed us from 2007 into 2008 and still is alive and well is a good example of what the future will have in store. The malicious code relies heavily on social engineering for distribution and installation, and the underlying structure is both stable and agile. They use fast DNS fluxing and double-fluxing in order to keep it alive and also varies communications method between IRC, P2P (eDonkey) and HTTP.

I’m not saying we’ll see more of the same, but rather more malware being based on the same thoughts; Great stability, Good control, Improved anonymity and excellent networking.

Platform independence will probably become more and more important for malicious software as well, as the array of different units used to access the internet is getting bigger every day. By platform I mean both hardware and software.

The challenge for us anti-malware vendors is to keep up. How we’ll be doing that is based on future experiences but in an ideal situation we come as close as we can to a silver bullet for every new twist that the bad guys throw at us. Our real challenge here is to be equally adaptable to new situations as they are. We need to be able to react quickly and hard without impacting the stability of our customers it-systems.

I also think that the user knowledge angle will be more and more important and this will have a big effect on malware distribution. Today I’m seeing younger people just laughing when they stumble upon a strange website and fire up ProcessExplorer to see if something bad happened. This would not have happened five years ago and it changes the way that malware authors have to think.

Hopefully we are up for a cleaner internet tomorrow, but there are no guarantees.

In a worst case scenario the internet might be clogged with garbage, which forces ISPs and national institutions to do filtering in order to isolate the countries that cannot control the organizations behind the malware. This is not something that we want to see and I hope it never goes that far with all of my heart.

Please comment with your thoughts on what the future has in store for us

Cheers,