Ramblings of an old Doc
Published on January 8, 2012 By DrJBHL In Personal Computing


On the face of it, you would think, “What kind of security software is this?” In fact, it wasn’t Norton’s fault at all, and that’s where this one starts to unravel like a John le Carré spy novel.

The code (or part of it) was stolen from a “third party”: the Indian Army. I guess they really do need some beefing up of their security; the thieves were a group called (insert dramatic name here) “Lords of Dharmaraja”. The good news? This doesn’t affect Norton customers’ financial info on their website (whose software do they use?). The stolen code was four years old (with updates) and belonged to “Symantec Endpoint Protection” (which protects against leakage of data being sent from place to place). Great. I’m relieved.

Now, it turns out that other countries and armies routinely get to look at the code of security software, just as Russia gets to inspect the source code of Windows, and this has been going on since 2003. Why? To verify that no “backdoor” or “spyware” is present. A reasonable concern.

That made me wonder whether code might be stolen from (or maybe sold by?) these prospective customers, whether that might be part of the wave of malware, and whether it helped the criminals work out where to attack Windows and other software.

The graph below comes from academic research (http://pages.cs.wisc.edu/~pb/comsnets09.pdf) and shows two peaks. The one in 1996 coincides with the advent of MS Word and reflects the application-related malware written for MS Word, which became available that year.

The second exponential “takeoff” starts in 2003. The graph shows the timeline of the five largest malware families.

Kaspersky confirms 2003 as a watershed in that:

“A professional malware market started to emerge at the very end of 2003, gained ground during 2004, and was well established by the beginning of 2005. Therefore, 2004 could be called the year in which the Internet became comprehensively criminal. Data based on Kaspersky Virus Lab statistics clearly demonstrates this trend.” - http://www.securelist.com/en/analysis?pubid=167798878

I’m not saying that Russia is guilty of the malware of all sorts which has made life so profitable for the deviants out there. It would not be justified to say so based on the few things I went looking for.

I am saying that the vulnerabilities in Microsoft’s, Apple’s and other companies’ software might well come from their efforts to sell it and popularize it. They need to verify the security around their software and to maintain it. Windows 8 will be more secure than Windows 7.

Client security leaks and greed might be possible motives, but no big conspiracy theory here, folks. Don’t start sending tin foil hats. I just got curious, and I’m not saying I’m right. I’m probably wrong.


Sources:

http://www.reuters.com/article/2012/01/06/us-symantec-code-idUSTRE80523W20120106?feedType=RSS&feedName=internetNews&rpc=76

http://pages.cs.wisc.edu/~pb/comsnets09.pdf

http://www.securelist.com/en/analysis?pubid=167798878

and several more read, but not used.


Comments
on Jan 08, 2012

Knowing some Indians here in my own town and some Russian/Ukraine programmers as online friends who were left with no work or unpaid and working with a promise of pay ($100usd/mo. at the time), here's how they explained to me what happens (often).

From the Indian side--and this is from Indians--not my opinion--the issue is simply corruption in government, the armed forces and business.  If someone offers a bribe, someone somewhere will accept it.

On the Russian side it's similar but has a more organized crime aspect to it.  If you were a credentialed, skilled programmer and no longer have viable work, "A friend" will share about the "job" he has.  If you take it, you will be added to a group of other programmers who have been given a task such as "back-engineer this specific part of the Windows operating system" or "decrypt this part of this security program".  Most such jobs involve only working on a small part of the overall project and normally the new hire is not told anything else about all the other jobs that are going on or even who they are for.  It's a task that when complete gets you a year or more of tax free pay and a spot in the queue for future jobs.

Many former state/military programmers refuse such work and drive cabs or whatever--others take it.  The attitude in Russia overall is, "Nichevo"..."No Biggie".  No one will judge you for taking what's offered and it is simply a personal choice based on how you feel.

Put together that in the regions where India and Russia operate, a lot of this sort of corrupt dealing is common and both have mutual interests and private/government/military business deals--well, there you go.

On the Russian side, millions of dollars are spent cracking global software and OS's.  A few years back, Russian criminals were estimated to have paid out a total of $5 billion usd just to crack parts of the Windows OS.

It isn't necessarily so much "state action" by these countries (though I am sure that is happening too).  It's just greed.  No different to the South American peasant farmer who illegally lumbers in the rain forest to gather precious woods for sale.  He isn't trying to destroy the ecology--he just can't say "no" to the money growing out of the ground in front of him.


on Jan 08, 2012

I believe that to be correct, Sinperium.

I'm interested in the irony of it, though. Here MS states how secure it is (Apple too), and they (as well as other companies) drop trou in the most insecure places on earth.

On the other hand, when asked here in the U.S. to reveal their code they say no. How these two stands are reconciled eludes me.

on Jan 08, 2012

Two weeks ago Norton Internet Security was advertised by Fry's Electronics at a net cost of $0 - a bit more than it's worth, but quite the bargain, wouldn't you say?

on Jan 08, 2012

Wait--they aren't going to pay me to use it?  No deal.

FYI--up until a couple of years ago I did home computer repair and I routinely would suggest AVG free as a non-paid solution.  I stopped recommending it when it started to get "acclaim" in reviews as it immediately got targeted by hackers.  Afterwards it was quite normal to see a shell program running that looked like a functioning AVG install but was in fact nothing but the appearance--AVG would be shut down and just occupying the systray with an icon.

After some searching, I ended up suggesting Avast! Free Edition and overall have found it to be far superior.  I have yet to have Avast disabled externally and have found it gets compromised only with help from the most egregious stupidity possible.  The fact that they regularly update the build and core features is a big part of that.

Just a tip for those wondering, "What can I do?".  Be sure to add other programs along with it...Malwarebytes remains an excellent choice after several years still. 

Norton continues to live off its reputation gained more than a decade ago and has done little to earn retaining any sort of reputation in the past few years.  It also remains a big target of organized and sophisticated hacking efforts because of its high profile and continued use amongst corporate clients.

on Jan 08, 2012

Sinperium
I ended up suggesting Avast! Free Edition and overall have found it to be far superior.

+1


on Jan 08, 2012

I've/we've stuck with MS Security Essentials for awhile, but I've been considering going back to Avast.  MSSE let a nasty piece of malware into one of our networked PCs at the office not long ago which required a drive wipe/format/reinstall of everything.  Fortunately, it didn't propagate to other network workstations or the server (that we know of).

on Jan 08, 2012

I'm not trying to overplay Avast--nothing is perfect.  But in the free category I don't know of anything else I'd rely on.

AVG for example just recently broke compatibility with previous versions--after  a looong while.  I'm sure this was to address new security issues and prevent vulnerabilities. 

It's not uncommon to see Avast do this a couple of times in a week--seamlessly with no issues.

I have a couple of corporate IT friends who tell me that prevention is no longer the ultimate goal with security software--containment and restoration is the priority...i.e., "It's a given it will get in--we just need to keep it from spreading and be able to restore quickly from backups."

A lot of the big name security companies have adopted this as policy.

on Jan 08, 2012

Daiwa, there's a pretty comprehensive review of Avast! here: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html


No software is perfect in detection and prevention, unfortunately. I'd also recommend finding out how it got onto your system.


on Jan 08, 2012

Thx, Doc.  Our IT guy wasn't sure of the source. 

on Jan 08, 2012


The single best practice to ensure a user keeps their system and the programs on their system protected from malware is to NEVER run/use the computer system with an account that has ADMIN credentials.  Malware uses (with the exception of targeted and focused cyber-attacks) the SAME credentials the currently logged-on user has.  If those are ADMIN credentials then yes you should be worried for your system and its programs.

People need to really learn and embrace the concept of LEAST-PRIVILEGE and teach themselves how to use/understand the "local security policy" of their system; then AV programs being "un-installed" or corrupted or your browser being hijacked etc. will forever be things of the past.


the Monk


EDIT:

I routinely demonstrate the powers of "least privilege thinking" to client groups by using systems which have been "properly secured" (using least privilege and NOT relying on some bloated third-party AV or other antimalware) by then visiting known high-threat websites and purposely connecting infected media to these systems etc. with zero ill effects.  The key is to properly secure your system so that any AV or other anti-malware software simply becomes an afterthought and is no longer the rather weak first and often only line of defense.

on Jan 08, 2012

the_Monk
People need to really learn and embrace the concept of LEAST-PRIVILEGE

Correct. People generally then ask "How can I run sfc /scannow" or the like. Simple: log off as least privileged and log on as Administrator...Start Menu, cmd, right click, yada, yada. 

It really is a simple and not taught concept from the first time the mouse is touched through the "restores".

I'd love to give folks an online source for "How to secure your computer" that doesn't talk about antivirals but that uses proper procedures. 

the_Monk, do you know of any such site or source (besides yourself - not asking for a 'give away')?
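A worked version of the advice in the two comments above (run daily work as a standard user, elevate only when a specific tool such as sfc /scannow needs it), written here as an added example; it is not code from the post or from either commenter. The function names (Test-IsElevated, Test-IsAdminMember, Get-LocalAdminMembers, Start-ElevatedCommand) are my own; Get-LocalGroupMember is assumed to be available (Windows PowerShell 5.1 or later).

```powershell
# Added example (not part of the original post or comments): audit whether the
# account you are sitting at is running with admin rights, list who is in the
# local Administrators group, and run a single tool elevated when needed.

function Test-IsElevated {
    # True only if the current token is actually elevated (UAC prompt accepted,
    # or UAC disabled). A member of Administrators in a normal, filtered
    # session returns $false here, which is the state you want for daily work.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsAdminMember {
    # Membership check independent of elevation: the well-known SID of the
    # local Administrators group (S-1-5-32-544) appears in the token's group
    # list even when UAC has filtered it to "deny only". If this is $true for
    # your everyday account, the account is an admin account, elevated or not.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminSid = 'S-1-5-32-544'
    return [bool]($identity.Groups | Where-Object { $_.Value -eq $adminSid })
}

function Get-LocalAdminMembers {
    # Lists every principal in the local Administrators group so you can see
    # which accounts would give malware full rights if they were logged on.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Start-ElevatedCommand {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList = @()
    )
    # -Verb RunAs raises the UAC prompt; from a standard-user session Windows
    # asks for a separate administrator account's credentials, so only this one
    # process runs elevated and the daily-driver account stays unprivileged.
    Start-Process -FilePath $FilePath -ArgumentList $ArgumentList -Verb RunAs -Wait
}

# ---- usage ----
if (Test-IsElevated) {
    Write-Warning 'This session is elevated: anything you run (or that runs you) has full control.'
} elseif (Test-IsAdminMember) {
    Write-Warning 'Not elevated, but this account is a member of Administrators; one accepted UAC prompt away from full control.'
} else {
    Write-Host 'Good: this session is a standard (least-privilege) user.'
}

Write-Host 'Members of the local Administrators group:'
Get-LocalAdminMembers | Format-Table -AutoSize

# When a job genuinely needs admin rights, elevate only that tool, e.g.:
# Start-ElevatedCommand -FilePath 'sfc.exe' -ArgumentList '/scannow'
```

The point of splitting the two checks is that the_Monk's "never use an admin account" rule is about membership, not about the current token: a UAC-filtered admin session reports as non-elevated but still hands over everything the moment a prompt is accepted. Run this from the account you use day to day; if the second warning fires, the fix is a separate, rarely used admin account and Start-Process -Verb RunAs (or a logoff/logon, as DrJBHL describes) for the occasional sfc /scannow.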


on Jan 08, 2012


Two articles I found by googling (albeit somewhat older) that may be helpful:


http://technet.microsoft.com/en-us/library/bb456992.aspx


http://www.windowsecurity.com/articles/Implementing-Principle-Least-Privilege.html


I may find the time to write up a simplified "secure your computer system properly and without the need for third-party software" guide someday, seeing as creating comprehensive security and network configurations is what I do for a living, but it is a matter of making/finding the time to do so.  I do agree that these principles should be taught to everyone at the earliest convenience and that "computer stores" as far as I'm concerned are NOT doing their part.

The viral epidemic we are witness to these days would, simply put, not exist if everyone had this sort of education.  I'm not worried about my knowledge being a "free give away"; I look at it as something I can do for the greater good.  I have always intended to create said simplified guide and it is just a matter of making the time for it.  Someday I will...hopefully sooner than later as I do know guides like it are sorely missed.