Anti-Virus Definitions & Malware

D. Spencer Hines

One of the most effective methods of spreading a virus or Trojan would
probably be to hide the virus or Trojan in an anti-virus definitions update
and then persuade thousands of people to download and install it.

Is this a consideration that has been given by consumers when they install
freeware and El Cheapo Anti-Virus Programs onto their computers -- AND by
the companies who promulgate the software?

Would not fly-by-night outfits which don't have sufficient personnel and
astute management to ensure the security of their own virus updates be
particularly vulnerable and untrustworthy?...

Not that the Big Anti-Virus Companies are not also vulnerable.

DSH
 
David H. Lipman

From: "D. Spencer Hines" <[email protected]>

| One of the most effective methods of spreading a virus or Trojan would
| probably be to hide the virus or Trojan in an anti-virus definitions update
| and then persuade thousands of people to download and install it.
|
| Is this a consideration that has been given by consumers when they install
| freeware and El Cheapo Anti-Virus Programs onto their computers -- AND by
| the companies who promulgate the software?
|
| Would not fly-by-night outfits which don't have sufficient personnel and
| astute management to ensure the security of their own virus updates be
| particularly vulnerable and untrustworthy?...
|
| Not that the Big Anti-Virus Companies are not also vulnerable.
|
| DSH
|

FUD.

There is a much greater propensity by magnitudes of a malicious person exploiting a
vulnerability known to exist, and not patched, in one's anti virus application. Trend
Micro, Symantec, Kaspersky, Sophos, McAfee, etc, all have had a vulnerability that could be
exploited to install new malware.

The download sites of the anti virus vendors are highly protected sites and a person with
malicious intent would have great difficulty of inserting malware in *any* signatures.
Especially when you consider CRC and checksums being performd on the signatures.

I will admit there was ONE case of a BIOS manufacturer having a disgruntled employee who
managed to slip some nefarious code in a batch of BIOS chips. This was not viral and was
close to being a trojan type of payload. Since then a great deal of manufacturer protection
steps have been taken.

Again, your post is FUD.
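
An added illustration, not part of the thread or any vendor's code: what the CRC/checksum check mentioned in the post above covers, compared with a keyed check, across transit corruption, a swapped payload, and a payload built by someone holding the key. The package layout, key and definitions are constructed, and HMAC stands in for a vendor's digital signature.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: not a real vendor key or definitions format.
# Assumption: HMAC stands in for a vendor's digital signature.
SIGNING_KEY = b"constructed-demo-key"
GOOD_DEFS = b"SIG0001:Example.Worm.A\nSIG0002:Example.Trojan.B\n"
ALTERED_DEFS = b"SIG0001:Example.Worm.A\nSIG0002:altered-entry\n"


def build_update(defs, key=None):
    """Package definitions with CRC32 and SHA-256; add a keyed tag if key is given."""
    pkg = {"defs": defs, "crc32": zlib.crc32(defs),
           "sha256": hashlib.sha256(defs).hexdigest()}
    if key is not None:
        pkg["tag"] = hmac.new(key, defs, hashlib.sha256).hexdigest()
    return pkg


def unkeyed_ok(pkg):
    """CRC/checksum check: anyone can recompute these values."""
    return (zlib.crc32(pkg["defs"]) == pkg["crc32"]
            and hashlib.sha256(pkg["defs"]).hexdigest() == pkg["sha256"])


def keyed_ok(pkg, key):
    """Keyed check: fails closed when the tag is missing or does not match."""
    expected = hmac.new(key, pkg["defs"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkg.get("tag", ""))


def scenarios():
    """Return (unkeyed_ok, keyed_ok) for four constructed cases."""
    good = build_update(GOOD_DEFS, SIGNING_KEY)
    # 1. Corruption in transit: payload changes, metadata does not.
    corrupted = dict(good, defs=GOOD_DEFS[:-2] + b"X\n")
    # 2. Payload replaced without the key: checksums recomputed, old tag kept.
    swapped = dict(build_update(ALTERED_DEFS), tag=good["tag"])
    # 3. Payload built by someone who holds the key (the insider case).
    insider = build_update(ALTERED_DEFS, SIGNING_KEY)
    cases = {"good": good, "corrupted": corrupted,
             "swapped": swapped, "insider": insider}
    return {name: (unkeyed_ok(p), keyed_ok(p, SIGNING_KEY))
            for name, p in cases.items()}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:10s} unkeyed={result[0]} keyed={result[1]}")
```

The swapped payload passes the unkeyed check and fails the keyed one; the insider-built payload passes both, so that case depends on who is allowed to sign and release updates rather than on the integrity check.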
 
D. Spencer Hines

All it takes is a Key Group of Disgruntled Employees -- perhaps just a small
group -- given the Right Circumstances and Inadequate Security Checks.

I never said it was going to happen by ACCIDENT.

DSH
 
D. Spencer Hines

You obviously did not READ what I WROTE, but larked off on your own hobby
horse.

I never said someone could very easily hack the download site and insert
malware.

Screw your head on right and think about Disgruntled Employees.

DSH



Again, your post is FUD.
The download sites of the anti virus [sic] vendors are highly protected
sites and a person with malicious intent would have great difficulty of
[sic] inserting malware in *any* signatures. Especially when you
consider CRC and checksums being performd [sic] on the signatures.

Again, your post is FUD.

DSH

Lux et Veritas et Libertas
 
David H. Lipman

From: "D. Spencer Hines" <[email protected]>

| You obviously did not READ what I WROTE, but larked off on your own hobby
| horse.
|
| I never said someone could very easily hack the download site and insert
| malware.
|
| Screw your head on right and think about Disgruntled Employees.
|
| DSH
|


I read what you said and I replied specifically with a case of a "...BIOS manufacturer
having a disgruntled employee..." and went on to say... "...Since then a great deal of
manufacturer protection steps have been taken."

Therefore the chance of a "disgruntled employee" being able to do so is so slight that it is
FUD.

Most "definitions" come in the form of signatures and may be delivered by an executable but are
in themselves not executable binaries. All delivery vehicles would go through testing and
QC (to some degree as we know False Positives get through). Malicious code would NOT be
able to get through this process.

Please don't spread FUD.
 
D. Spencer Hines

Spreading FUD [Fear, Uncertainty And Doubt] is a charge often made against
IBM, Microsoft and other large and powerful companies by small operators and
ankle-biters.

I note with amusement that both IBM and Microsoft stock are doing quite
well -- so is Symantec, by the way -- and I own all three.

So the ankle-biters and fly-by-night operators can drown in their own FUD,
or the substance of their choice.

Malware in Anti-Virus Definitions is something any Good Manager should be
concerned about -- and small, fly-by-night purveyors of Anti-Virus Software,
who don't have the Capital, the Personnel and the Savvy Managers to insure
it does not happen are a Genuine Concern to All.

DSH
 
Leythos

Spreading FUD [Fear, Uncertainty And Doubt] is a charge often made against

people that don't really know what they are talking about, by people
that think they know something, by those that really do know what they
are talking about.
 
Pop`

D. Spencer Hines said:
You obviously did not READ what I WROTE, but larked off on your own
hobby horse.

I never said someone could very easily hack the download site and
insert malware.

Screw your head on right and think about Disgruntled Employees.

DSH



Again, your post is FUD.
The download sites of the anti virus [sic] vendors are highly
protected sites and a person with malicious intent would have great
difficulty of [sic] inserting malware in *any* signatures. Especially
when you consider CRC and checksums being performd [sic]
on the signatures.

Again, your post is FUD.

DSH

Lux et Veritas et Libertas

Actually it doesn't take an employee right now: Look at the malwares around
that claim to have found a virus on your computer and almost force the user
to download their "program" to clear it off.
It's a cruel world out there for the newbies.

Pop`
 
