Surveying 17 Anti-Virus Firms on Their Security Practices

Allegations that Russian intelligence agents somehow co-opted Kaspersky Lab's anti-virus software, enabling them to search PCs for intelligence, raise questions not just about the security of the Moscow-based security firm's products, but all anti-virus products.

To recap: Israeli intelligence allegedly hacked into Kaspersky Lab's network and found Russian intelligence was already monitoring the company's communications with endpoints, as well as running searches for interesting-looking files on customers' PCs. Cue questions about whether Moscow-based Kaspersky Lab knew or abetted those intelligence efforts.
The allegations are a reminder that all anti-virus software is designed to run at a deep level on a PC, which is required to ensure it can excise malicious code. But such capabilities could be misused. In a process known as telemetry, anti-virus software typically sends hashes of known malware samples back to the vendor, so they can geographically track outbreaks. In some cases, anti-virus software also sends copies of suspicious-looking files back to the vendor, so its malware researchers, often working with their peers in other security firms, can study the malware and create signatures. These signatures then get pushed out to all endpoints to better protect them.

All Software Has Flaws

Despite the allegations leveled against Kaspersky Lab, many security experts say that anti-virus software likely has enough exploitable vulnerabilities in it that a security firm would not need to be co-opted.
And as Dubai-based incident response expert Matt Suiche has noted, any security vendor might be targeted by intelligence agencies seeking easy access to targets' PCs.
