13 posts • joined 1 Oct 2007
The worms are turning
Wot, the worms wrote a paper for the Royal Society? Looks as if they're well on the way to being masters of the universe.
Sounds like a 419
Not one of the most common 419 gambits, but sounds like one I've been seeing from time to time for many years.
David Harley, ESET Sr. Research Fellow
The app that dare not speak its name
Since I posted my ESET blog, one or two people have claimed that they've deleted unknown app and still have Boxes in their profile, so Boxes is probably not the only culprit.
Two points I'd make (and have made) in response: while Unnamed App may in some instances refer to something malicious, that doesn’t mean that “Unnamed App is a virus”. The second and more important point is that Googling for Unnamed App undoubtedly -will- turn up some malicious sites because of the SEO poisoning that's taken place, and that's something I -have- seen for myself.
iPwned: why didn't I think of that? :)
Go down Moses....
...let MySQL go...
I just wanted to say that first.
A forensic thought
Have Defcon or Blackhat ever featured in an episode of CSI? And if not, why not?
DIY (detect it yourself)
Actually, ed, the article doesn't say that Michael installed anything, only that he detected and removed the malware himself. But I find it curious that you assume that what I presume to be a networked parliamentary PC would not have antivirus protection by default. Is that prior knowledge, or a perfectly understandable cynicism? Alan Michael made some far stranger assumptions, though. However, I think I'll save that thought for the ESET research blog. :)
A passage to India?
When I was in India last month, security at the entrances of hotels and public buildings had escalated to levels we normally associate with international airports. Furthermore, if the Indian media were anything to go by, the public mood seems to be in favour of more rather than less security to a degree many countries would find unacceptably draconian. There has to be a market there...
I'm afraid that whether or not the tech document cited by Krebs represents a change of stance, Apple clearly regret it being so widely publicised. The document has been pulled and, according to the BBC, they have said that it was inaccurate because "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box." It looks to me as if they've decided to put marketing ahead of customer security. Not that Mac users face anything like the volume of threats that Windows users do, but the assertion that Macs are intrinsically secure out-of-the-box is at best debatable.
re: Wait a Second
Unfortunately, it's not a difference at all. Most current Windows malware is reliant on social engineering. So unless you believe that Mac users are automatically brighter than you are...
No Mac virus since 1992?!?
I guess I can expect the usual stream of abuse for daring to suggest that any Mac was ever affected by any form of malware whatsoever, but, leaving aside the period in the mid-90s when Mac users became Typhoid Macro Mary, has Tony Smith never heard of AutoStart or SevenDust? AutoStart in particular did a great deal of damage in the late 1990s, and to suggest that no malware, viral or otherwise, has had any impact on any Mac OS version since System 7 is, to put it politely, poorly researched. Mac users may never be at risk to the same extent as Windows users are now, but to rewrite history (or, perhaps even worse, be unaware of history) does no-one any favours.
Antivirus, ethics and competence
Is it ever ethical to create viruses? Obviously not for Dr Bontchev, or for many other people in the industry. Equally obviously, a lot of people outside the industry disagree, and a short comment here probably isn't going to change the mind of anyone who thinks that the industry is populated entirely by crooks and incompetents. So let's try a slightly different set of questions.
* Is it ethical to conduct a misleading test?
* Ethics aside, is this a competent test? Is it based on sound methodology? (Hint: if you don't have a pretty good idea of exactly how it was done, that's a bad sign.)
* Is it ethical to conduct a test with the intention of proving the AV industry is incompetent by using methods that you are fully aware are considered by that industry to be inappropriate, not only ethically but technically?
* Is it rational to judge the competence of a test by the degree to which it winds up the anti-virus industry?
* If testing is so easy that everyone knows more about it than the antimalware industry or the people who do regular, professional testing, why does every test outside those groups come up with an entirely different result?
Ethics and security
Actually, not everyone in the AV industry believes that creating replicative malware for restricted purposes under controlled conditions is automatically unethical, and the fact that some researchers decline to do so doesn't give you the right to assume that they couldn't if they considered it appropriate. Here, though, the point that's -already- been made very clearly is that there is no absolute technical reason why this particular test had to be carried out using replicative software.
The actual nature of the ethical objections comprises one of the many issues that the industry hasn't succeeded in communicating very well, though individuals have tried, strenuously, many times. But is it worth it right now, given the anti-AV prejudices on display here?