Sometimes You Have to Pick Your Partners Carefully- Huawei

October 5 addendum - "60 Minutes" to have story on Huawei on October 6
 http://www.bizjournals.com/dallas/blog/2012/10/huawei-on-60-minutes-sunday-night.html

Interesting August 27 article (and video) by CNET, “Inside Huawei, and the Chinese tech giant that’s rattling nerves in DC”.  Huawei is a $32 billion technology company, with 140,000 employees worldwide  (including Silicon Valley in California) and the holder of over 50,000 patents.  A US congressional committee has been having ongoing discussions with the organization because of their fears that the company may be a national security threat.

According to the article, “Congressmen Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.) said they were investigating "the threat posed to our critical infrastructure and counter-intelligence posture by companies with potential ties to the Chinese government.”  Some of this does come across as posturing in an election year.  In because this in involved with the  area of national security, the internet, hacking activities,  corporate and government “monitoring” of other nations by governments, there’s a cause for some concern.

Why Huawei?  The House Intelligence Committee has been vague, according to the article.  They said that they  “have received claims with varying degrees of credibility about cyberattacks internationally that may have been enabled by Huawei technology.”  This may be a bit of a stretch.  Nonetheless, the US government is specific with high tech companies about technologies that can’t be sold to specific countries, such as Syria.  

In March, the Australian government blocked Huawei from bidding on any contracts for the country's A$38 billion (roughly US$39 billion) National Broadband Network.

Symantec had ended a four-year-old joint venture with Huawei earlier in the year because of fears that the relationship could prevent it from getting information from the US about cyberthreats. Neither article discusses whether other US or global antivirus vendors such as Mcafee, Avg Technologies, Kaspersky, Sophos,  or Trend Micro, have a relationship with Huawei. Some immediate questions?  Are there areas that aren't cyber security sensitive that these companies could partner with Huawei on? What's the  tradeoff between immediate  business justification, public relations hits and  potential long term business?  It's that perception versus reality thing.

Slight correction - AVG Technologies could be in a quiet mode with respect to Huawei.  From a Thursday morning Google search using  Huawei and AVG Technologies:

AVG Partners with Huawei

blogs.avg.com/view-from-the-top/avg-partners-huawei/

1 day ago - AVG security solutions are now provided to millions of Huawei customers globally, starting in ... And now, through our new alliance with Huawei, a leading global ...

This is probably AVG Technologies' Mobilation antivirus product for the  Android OS. There also seems to be a promotion going on (can't tell exactly where) for home users owning a Huawei smart phone.

In January, the Pentagon transferred an information-sharing pilot program, called the Joint Cybersecurity Services Pilot, to the Department of Homeland Security.  Originally, the program was intended to share classified National Security Agency intelligence with military contractors.  The government was expected    to extend the program beyond those companies to antivirus companies, like Symantec, and network providers.  According to a March article in the New York Times, Symantec became “worried that its ties to Huawei would be a disadvantage when it came to being the recipient of classified threat information”. 

In 2011, Huawei released their   "Statement on Establishing a Global Cyber Security Assurance System".  Huawei held four meetings in 2011 to decide on   the company’s overall cyber security strategy.  Huawei stated that they are “Willing to work with all governments, customers and partners through various channels to jointly cope with cyber security threats and challenges from cyber security.”

   

In the enterprise, Huawei has an extensive portfolio of products in networking, IT infrastructure, and security.  On the consumer side, products include mobile phones, tablets, broadband, and modems.

http://news.cnet.com/8301-1035_3-57484472-94/inside-huawei-the-chinese-tech-giant-thats-rattling-nerves-in-dc/   

http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html?_r=1

 

AV Comparatives’ November Test Results For Anti-Virus Software (Proactive/Retrospective Test)

In December, testing organization AV Comparatives published their latest Proactive/Retrospective test report. This was for the on-demand detection of viruses/malware. This is one of a number of tests they perform throughout the year. The report constitutes the second part of the August 2010 test.

For the proactive detection of new malware, the top 6 performers overall (combination of proactive detection of new malware and false positives) were:

1. G DATA – 62%
2. Panda – 61%
3. Avira - 59%
3. Kaspersky – 59%
5. TrustPort – 58%
5. Sophos - 58%

G DATA, Panda, Kaspersky, and TrustPort were all in the top 5 in the previous report. Sophos jumped up 10 spots.

Companies receiving “Advanced+ Certification” (3 stars) for their products in the Retrospect/Proactive Test were – G DATA, Avira, Sophos, ESET, F-Secure, BitDefender, eScan, Microsoft, and Symantec.

There are many reasons a firm may select not to participate. These could include:

1. Don’t feel the test reflects real world
2. Methodology (in the retrospective test, there were no live internet connections, for example)
3. Results in previous test
4. New release coming out before test report is issued (though some products weren’t “2011” releases such as TrustPort)

Companies in the August report that do not appear in the latest report, for whatever reason (revision December 6), in alphabetical order are – AVG Technologies, Kingsoft, McAfee, Norman and Trend Micro.

People should go to the AV Comparatives website and download the complete report for comprehensive test results and test details. For each test, it’s important to note what is and isn’t included. Many of the products tested utilize additional protection features (such as behavior blockers) to protect against new/unknown malware. AV Comparatives’ test evaluated the offline heuristic/generic detection capabilities of the products against unknown /new malware, without executing it or submitting anything online. www.av-comparatives.org

Note that there are other testing organizations as well. Individuals and companies evaluating AV and Internet Security SW should also look at the others, at reviews, round-ups, and group tests performed by reputable testing organizations, and technology publications. For information on testing best practices, people can go to the Anti-Malware Testing Standards Organization website, www.amtso.org