Posts Tagged ‘antivirus’

What is Ethical?

August 10th, 2009 5 comments

If one of my college professors stumbled across this post she'd probably have a heart attack, since she taught an entire course on ethics. Yet it seemed like the most appropriate title for this post.

Over the years, how many countless inventions have improved mankind, yet have introduced a negative side effect? The gun provides a means to hunt and defend more efficiently, yet it also provides a means to kill with ease. The plane decreased travel times, then someone thought to attach a bomb and fly over a target. Water is a basic necessity of life and even it has been used for evil.

Now, according to Kurt Wismer, the inventors of these (we'll leave water out of this since I don't want to start a religious debate) should feel responsible when they are used for evil. That means that the Wright Brothers should have felt shame every time a bomb was dropped from a plane. I can't help but feel that's more than a little preposterous.

This all stems from a post by Kaspersky researcher, Roel Schouwenberg, discussing the lack of ethics in certain researchers. It seems that Roel finds it irresponsible for PolyPack to be considered valid research, especially research coming from academia. Dave Maynor responded to the post with his own write-up and that prompted Kurt's response.

So what is PolyPack? It's a research project out of the University of Michigan which has created a frontend that allows you to submit binaries for testing. These binaries are packed with 10 different packers and tested against 10 AV engines. I happen to think that this is a great project that serves to highlight the many shortcomings of signature-based AV detection. I'm also not the only one that feels this way, as the paper was selected to be presented at WOOT '09.

So what's the unethical part of this research project? If it's about the use of packers to bypass AV, then I have something to share with Kurt and Roel. That's not a secret! It's fairly well known... it was mentioned in PaulDotCom podcast #125 and I'm also pretty sure I've heard HD Moore mention it during a Metasploit training session. So what's left? They haven't released some super secret l33t h4X0r script that will cause every computer in the world to simultaneously self destruct, nor have they reprogrammed our TiVos to record nothing but soap operas. There's only one possible answer left, and it's the conclusion that Maynor reached... they're making signature-based AV look bad.

So in the end, I pose the title of this post as a question to everyone. What is ethical? Is it ethical to release research that may be used for evil? Or is it more unethical to sit on that research and keep it private, waiting for the bad guys to stumble upon it for themselves? In this case the bad guys are probably well aware of packers, so this becomes somewhat of a moot point; if they were really desperate they could even pack their binaries themselves and upload them to VirusTotal to see how well they do.

So again I'll attempt to close out this article. What is ethical? Personally, I think sharing your research and working towards the betterment of technology is ethical, and that sitting back and waiting for the bad guys to beat you to the punch is highly unethical.

Who Will Use Microsoft Security Essentials?

July 4th, 2009 3 comments

Randy Abrams (who's a great guy to share a beer with if you ever have the chance) of ESET briefly mentioned the impact that Microsoft Security Essentials (MSE) will have on the AV market in a blog post a couple of weeks ago.

A commenter mentioned that MSE meant that his father would now install AV. Randy's response was to question whether he would, given that there are already free AV offerings available.

This got me thinking about when I stopped using AV on my home systems. I was a huge AVG 6 fan; I recommended it over everything and was fairly certain it was the best AV available to the end user. Minimal footprint, good results and not intrusive. The day that AV died for me was the day AVG 7 came out. I wasn't a fan of the fact that support for my product was discontinued and that it wouldn't auto-update. I had to download the new version and install it, and I also had to register for a serial. That wasn't free anymore; I had to provide my email address to a spam database. I did indeed download and install AVG 7. It had a larger footprint, and I noticed an increase in spam (this could be coincidence, but I don't believe in coincidences). I uninstalled it less than two weeks after installing it and decided to go without AV.

It was at this point that the real problem occurred to me. I had set up the computers of many of my family members, and on every one I'd installed AVG and set it to auto-update. They were now without AV protection. I wasn't in the same city as many of them, so I had to walk them through the upgrade on the phone (a very painful process for anyone who's ever tried it).

Why does this story matter? If there's one thing that Microsoft is good at... it's pushing updates. I, for one, will install MSE on the systems of all my family members that ask for assistance and recommend it to anyone that asks for a good, free AV solution. I may even recommend it to those willing to pay (I've always found most of the other features in commercial anti-malware suites to be unnecessary) if I have a good experience using it. I know that as long as the software exists they will have updates and ease of use (Microsoft is good at both, in my opinion).

So in the end I actually think that MSE will steal a large chunk of the AV market; however, it'll steal it from the other free vendors (AVG, Avast, etc.)... the commercial vendors won't have to worry for a long, long time.