It’s been a long time since the last time that I was bothered by a computer virus. Back then I still rented a computer and owned boxes of floppy disks to store my files. I always created multiple copies of my data just to make sure I had a backup in case my working disks got infected. Now, I simply shrug computer viruses off. They have yet to create another chaos in my computing life, so I’m no longer paranoid. It seems that antivirus software has become better as time went by. Still, the invite to Trend Micro’s 1st TrendLabs tour was too good to pass up. I still want to know what’s going on inside an antivirus lab.
I was with a group of tech bloggers who visited the antivirus maker’s headquarters located at the Rockwell Business Center in Ortigas, Pasig City last June 27. The office houses the global technical support and is the research & development hub of Trend Micro. This is where threat surveillance, attack prevention and solution delivery are done, 24/7. Although the company has offices worldwide, the Philippine center is where the action is. In fact, we learned that the TrendLabs in Texas, USA is just a backup for seamless operation in case the office in Ortigas goes down due to power failure, calamity, etc.
That means the people in this center are technically proficient enough to deliver the service expected by Trend Micro end-users. That’s no surprise as I’m very much aware that the company provides excellent and continuous training for its employees. I have an acquaintance who works with the company and he has been deployed to Japan and the US for further development.
The antivirus lab tour focused on the heart of their operation, which is ensuring utmost virus protection for their users. I am aware that they have an in-house contact center operation and IT services, but at that time, I was there to learn about their Core Technology Operation, which comprises the File Reputation Service Team, Web Reputation Service and Email Reputation Service Team. They’re all responsible for checking reported threats, which go through solution processing within their internal system to determine malware patterns, damage, vulnerability, anti-spam and URL rating. Once a threat is pinpointed, an update is uploaded into the system and the database.
The entire process was demonstrated to us as we were introduced to each team. A threat is either captured during monitoring or reported by a Trend Micro end-user. The Email Reputation Team checks a particular email’s IP address to determine if the sender is a reported spammer. Often, the automated system checks the information against the Trend Micro database. One of the Senior Spam Investigators pointed out that if the IP address is listed in their system, the email is then blocked and bounces back to the sender. Otherwise, the email is sent to the intended recipient. Now I understand why I’m getting a lot of spam on my web mail but very few on my email client.
Then we moved to the Web Reputation Group, which basically checks the ratings of all websites. Spammers, viruses and other malicious code are now sent using various sophisticated approaches to inflict damage. We may receive an email with instructions to click a link that opens a webpage. These sites are scrutinized by the web reputation team. Using an online tool, the web address is entered into the system to determine the rating. In addition, each page is also checked as to its legitimacy through the URL and links. This is a very important process because at times a webpage can look like a normal site that we often visit, but is actually a platform to capture personal information like login credentials.
During the demo, one of the engineers showed a webpage that looked like the log-in screen of Facebook. But he showed us that the URL was different. We were told that the page is one of the reported threats. TrendLabs conducts a thorough investigation on the URL, as if splicing the fiber of a meat. It’s always important to check the web address before logging in or clicking something, lest you become a victim.
Our last stop was with the File Reputation Service Team. They are the ones who check the file/s attached to emails that we receive, which we sometimes download and even run on our computer without much thought. One of the Threat Response Engineers in the group showed us how they check files for legitimacy. Using proprietary applications on two computer systems, she demonstrated how the malware propagated itself into an infected system. She explained further that certain patterns can be observed on deadly viruses. If Trend Micro is unable to “heal” the infected system, that means it’s time for the R&D to work on the solution/s which will eventually be uploaded as a software update.
The 1st TrendLabs Tour was a learning experience and an eye-opener as well. I now know I should still be wary about computer viruses and malware, especially because of the Internet. It’s also important to have solid antivirus software installed in your system. Trend Micro has been providing computer protection since 1988 and also collaborates with other developers as far as threats are concerned. And now that I’m aware of their processes, I feel more secure. After the tour, I immediately installed Trend Micro Mobile Security Personal Edition on my Android phone.