Subscribe:
|
Categories:
ASP.NET
ast_mono
Asterisk
Code
F#
FreeSWITCH
Guatemala
Humour
IL
Korean
Mei
Misc
Misc. Technology
Personal
Photography
Security
Spammers
VoIP
Sign In
[Giagnocavo]Michael::Write()
Sunday, July 18, 2004
AV makers are lame, but this takes the cake!
I got
this press release
forwarded to me via an MVP mailing list. I couldn't stop laughing! It's from a software vendor (
Airscanner.com
) who makes AntiVirus products for Windows CE devices: Smartphones, Pocket PCs, etc. They're proudly announcing the first virus for WinCE, amidst so much FUD, it's funny! What's funny? Take a look:
1: They paint WinCE as the last hope and salvation of Microsoft.
“
The Windows Mobile operating system is heir apparent to the Microsoft dynasty. Microsoft knows the desktop and server OS market is saturated. There is no room for growth. And even as we speak, Linux erodes its market share. How can Microsoft save itself?”
”Heir apparent”? I see... nope, no more shipments of WinXP or 2003 server will be going out, that's for sure. In the future, everyone works on tiny devices with relatively small processing power and storage, running a miniature OS. Windows Embedded is never used because that'd make too much sense. Welcome to the alternate reality where Airscanner lives.
2: They make silly claims about how “insecure” WinCE is:
“But there is a problem. Security is the biggest threat to Microsoft's survival. With its Trustworthy Computing initiative splintering under the pressure of weekly vulnerabilities, Microsoft would surely protect its most favored offspring. Right?
Wrong. Microsoft left its golden child naked and shivering. Windows Mobile has almost no security architecture whatsoever. It is wide open to attackers;“
WinCE is used on portable devices like PocketPCs, Smartphones, and MP3 (excuse me, WMA) players. What “security measures” should it have? It's a single user device you keep in your pocket. “Wide open“ Yep, just like my toaster, blender, VCR and DVD player are “wide open” for attackers. However, they do quickly go on to lavish praise on WinCE (since they're trying to make money off of it).
3: “
Unfortunately, Windows CE was designed without security. Worse, handheld devices are now the easiest backdoor into a corporate network. “
Come again? Raise your hand the last time your Windows CE devices executed code under your domain account, on a domain computer. I don't see any hands. Raise your hand the last time your WinCE device executed ANY code on a corporate machine. Still no hands? WinCE adds no more risk to a corp network than already exists. Just more FUD.
4: Their terrorizing virus doesn't do anything. It prompts the user, “Can I spread?” And then it proceeds to “infect” files. They play this as a “proof of concept”. Ok, what exactly does it do? Because it sounds very much like a program *that writes to the disk*! That's it folks. It writes to files on your devices memory. If you're wondering what's scary, don't ask me. I guess the idea is to say “Basic IO works in WinCE! Run for your lives, arrg!” They portray this as a proof of concept. Well, Microsoft has these proofs of concepts around for a while. They're called Build Verification Tests.
5: The virus writer (which I'm guessing was paid for by Airscanner) writes:
“This is proof of concept code. Also, i wanted to make avers happy.The situation where Pocket PC antiviruses detect only EICAR file had to end …”
He WANTS to make the AV companies happy. I see. So, some guy takes his time to write a virus that doesn't do anything malicious, and only spreads on demand, and mails it right to the AV companies, *just to make them happy*? OK...
Even better, apparently there are only two things their software checks for. This means that anyone can write an AV in about an hour. And they want $29 for this product. Well, I guess if they sold 5 copies, that'd work out to $145/hour for them, so that's not that bad, eh?
6: The people from this company apparently can't write a simple algorithm.
“If the file has been infected, it will be marked with the word “atar” at the offset 0x11C. This is used during the infection process to see if the file was already infected. Without this check, the virus would keep re-infecting files over and over until the device ran out of memory.“
Mind you, this is the AV company, not the virus writer. They apparently believe the only way the only way to prevent an infinite loop on a set of items is to modify each item, “otherwise it'd run out of memory.” Are they truly saying there's no other way to do this? Sure sounds like it.
7: Even though it's low risk, they wanna play up the potential:
“
Note, however, that in the lab we were able to easily bypass these protection checks by making small changes to the virus binary. There is nothing to prevent malicious users from doing the same and repackaging this malware as a Trojan.“
Repackaging it as a Trojan? Excuse me? The virus doesn't DO anything. Maybe they meant “by rewriting everything“ instead of “making small changes to the virus binary“. Anyways, these things *don't spread*. Even if they tried to make it spread, it'd be very hard. The reason is because you don't usually copy EXEs around from one mobile device to another. You usually have a installer or host management system that handles this for you. If I want to give you a game, say DiamondMine for PPC, I don't copy files from my PPC to yours. I give you the DiamondMine installer, which runs on your Windows XP machine and that installs the game on your device.
For it to really spread, maybe it could email itself around. Of course, the steps would be: Get the email. Rename attachment (since EXE files are usually blocked). Copy to PocketPC device (since Pocket Outlook doesn't download attachments by default). Run file. You might as well just call the user and say something startling, causing him to drop the PocketPC. It'd do more damage that way.
Users beware: Desperate companies will make up whatever garbage they can to scare you into buying fake security products. Save your money and buy yourself a soft pretzel instead.
Humour
|
Security
Sunday, July 18, 2004 5:47:01 PM UTC
Comments [0]
|
Trackback
Tracked by:
"http://aajs1yy.biz/filipina-nude.html" (http://aajs1yy.biz/filipina-nude.html)
[Pingback]
"http://nt0poev.biz/motorola-razr-phone.html" (http://nt0poev.biz/motorola-razr-...
[Pingback]
"http://wovd0yo.biz/the-best-porn.html" (http://wovd0yo.biz/the-best-porn.html)
[Pingback]
Name
E-mail
Home page
Remember Me
Comment (HTML not allowed)
Enter the code shown (prevents robots):
Live Comment Preview