Newsmaker: Is it safe yet? Not really

Throughout 2005, the tenor of the battle between malicious hackers and corporate defenders began to take a historic turn. Until relatively recently, hackers focused their collective attention on finding holes in operating-system software.

But with the increasing automation of software patching, they began turning their attention to finding flaws in desktop applications. Meanwhile, viruses got smarter, and phishing continued on its upswing.

One person whose business gives him a bird's-eye view of the terrain is Gil Shwed, CEO of Check Point Software Technologies, headquartered in both Israel and California. CNET News.com spoke with Shwed about the changing face of software security.

Q: When we last spoke, one of the things you mentioned was that individual behavior needs to be modified when it comes to security because individuals are the point of access. Has the situation improved substantially from a year ago?

Companies need to build a security architecture that is ready for the unknown, not one that is ready for yesterday's threat.

Shwed: I think there's still a long road ahead of us. We haven't seen massive worm attacks yet, but in recent months, we saw some worms that were pretty scary. They didn't cause huge damage, so maybe the infrastructure is faster to react--because of firewalls or antivirus software or things like that.

Does that mean that companies are getting more serious or that they're just lucky?
Shwed: There still are many companies that run outdated security systems. They don't realize that keeping an up-to-date system is critical.

As you've watched the development of spam and phishing, do you think these are becoming more manageable problems?
Shwed: Out of all e-mail traffic, spam is still between 40 percent to 50 percent of the total--which is horrible. More needs to be done, but it's manageable. I mean, 99 percent of it gets blocked by the antispam software. Phishing is a more challenging problem because there's also the challenge involved with people, not just technology.

You mean their behavior?
Shwed: Yes. You can always find ways to fool people.

The even worse news is that they're getting smarter. Some of the early phishing e-mail was obvious, and you knew it was a hoax. But increasingly, it looks genuine.
Shwed: That's true, but remember that the big hackers of the early Internet, like Kevin Mitnick, got through because of social engineering. It wasn't because of the sophistication or lack of sophistication of the IT infrastructure.

So what do you see, then, as the big security issue for 2006?
Shwed: Companies need to build a security architecture that is ready for the unknown, not one that is ready for yesterday's threat. It may be that yesterday's threat will be back again, but it's more likely that it will be something different. What the threat of tomorrow will be, I don't know.

But being successful in the software business doesn't mean that I'm becoming the new authority on the peace process.

Even if it's not blocking them, it has to act quickly and react quickly. That's why we believe that software is a solution; that's what software is for--it's flexible. We say our next stage is universal updatability, so you keep up and run the new services that we have.

Let's talk a little about the situation in Israel. Has the departure of Benjamin Netanyahu as finance minister been affecting Israel's high-tech landscape? He had support from the establishment for some of the things he did.
Shwed: I don't think it's going to make much of a difference. I'm not trying to make any political statements, but I think that as the minister of finance, he did well. He promoted opening the economy to privatization, and there was generally good progress. I think that the rest of the government is pretty much committed to that.

What's the corporate tax right now in Israel?
Shwed: It's 26 percent, but we already have a reform move in the process that will take it to 25 percent.

By 2006?
Shwed: I don't remember, exactly--two years, three years--something like that.

More Newsmakers