Reuters: Antivirus vendor Kaspersky Lab tried to sabotage competing AVG

vbimport

#1

We’ve just posted the following news: Reuters: Antivirus vendor Kaspersky Lab tried to sabotage competing AVG

The American press agency Reuters has published another article in which Russian antivirus company Kaspersky Lab is accused of dubious business tactics. The antivirus vendor denies the allegations and calls the accusations false and meritless.

Read the full article here: [http://www.myce.com/news/reuters-antivirus-vendor-kaspersky-lab-tried-to-sabotage-competing-avg-77155/](http://www.myce.com/news/reuters-antivirus-vendor-kaspersky-lab-tried-to-sabotage-competing-avg-77155/)

Please note that the reactions from the complete site will be synched below.

#2

Not at all surprised. :rolleyes:

Anti-virus & computer security was once a noble crusade, back in the days of Dr. Alan Solomon & co. :bow:

But like most of the computer industry, the moral high-ground was surrendered 10-20 years ago in the name of commerce. And the red line that once separated the legitimate companies from the criminals disappeared some time ago.

It would be unfair to label all of those pioneers as sell-outs. But it is easy to see why so many of them moved on to pastures new and show no inclination to return.


#3

@Ibex: Your complaints could easily be applied, not just to the cyber security industry, but to the software industry as a whole. There is no longer a huge difference between legit companies and cyber criminals.


#4

Such actions are unethical, dishonest and illegal.

In his own words, but guess what, they are in Russia and do you think he cares a 5h1t-NOT. Taking down your competitor is what they want to do and why would they admit to it.


#5

Everything written so far is only too true. Back in the day, the antivirus programs actually checked the file for viruses.

Today, they do not! They will check the header and if the file is packed with anything but the UPX packer, it will more often than not be flagged as suspicious and sometimes even a specific virus trojan is reported. Today it is enough that a file contains links to a site with unpackers for it to be reported (ref: EXEInfoPE by A.S.L)

Further manual inspection reveals however, that there is no internet activity at all going on. Applying the suspicious program to a test system reveals the only thing dropped is one to two files to the temp directory which may be a .mod and a .dll to play it.
In this respect, the sheer number of false positives may actually help spread viruses. I base this on the following.

A 14 year old reads about a new game and asks his parents to buy it. He gets the reply that he can have it for Christmas. Now that is a lifetime away for a 14 year old even though it may be two months.
The next day he gets a link from one of his schoolmates and downloads a cracked version. His antivirus pops up a warning about risk-ware and cautiously he writes in the forum of the site that there is a virus in the release. Sure enough, he gets loads of replies that this is a false positive that he can safely ignore. He applies the crack and plays happily. This goes on for a few games but after one or two months, he reckons himself a seasoned user of cracked games and so does not bother to check the forum - boom, infected.
The kid does not know that yet and the next day he passes the link to another schoolmate who calls him up about the report from the antivirus. Without any background check he tells him that he can safely ignore the warning…

As they work today, no one NEEDS an Anti-virus installed, but it will require a computer savvy person to make it work.
Here’s a way to obtain even better security, but you’ll need to reset
the settings back to normal whenever you need to install updates or new programs.
The trick is to use the security settings already found in Windows:

  1. Set the registry permission on the Run/RunOnce keys to read only
    for everyone (not just the Everyone account).

  2. You can do this for the Drivers/Services key, but it will require
    a restart. [This isn’t advisable since some programs require you to
    install drivers, still it’s great protection for existing services,
    and to prevent malware.]

  3. For the Windows NT key (winlogon/userinit), only allow the System
    account access to read and write, and set your username and other
    accounts to read only.

The above is written in an unclear way without step-by-step or exact
path to the keys mentioned. This is done deliberately!

Reason?
Well, tweaking these settings without proper knowledge can render you with no other options than a full reinstall of the operating system.
In other words, if you:

  • Don’t know the above key’s location in the registry.
  • Don’t have a firm understanding of the Windows registry as a whole
    and its function in the Windows environment.
  • Don’t understand how to take ownership of files/folders/registry
    keys.
  • Don’t know files/folders/registry keys/Security settings generally.

***** DON’T ATTEMPT THIS! *****
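
A read-only way to see where a machine stands before anyone changes permissions as described in the post above. This is an added example, not part of the original post or the poster's scripts: it only lists which principals currently hold write-type rights on the autostart keys and modifies nothing. The key paths are the standard Windows locations and are an assumption added here (the post deliberately does not name them); `Get-WritableAce` is a hypothetical helper name.

```powershell
# Read-only audit: list principals that can write to autostart-related keys.
# Key paths are the standard Windows locations, supplied here as an
# assumption; the post above does not name them. Nothing is modified.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

# Rights that let a principal add or change entries, or re-grant itself access.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Inherit-only ACEs often carry raw GENERIC_WRITE / GENERIC_ALL bits instead.
$genericMask = 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Key not present: $p"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = [int]$ace.RegistryRights
            if (($rights -band ($writeMask -bor $genericMask)) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $p
                Owner     = $acl.Owner
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Get-WritableAce -Path $keys | Sort-Object Key, Principal | Format-Table -AutoSize -Wrap
```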


#6

[QUOTE=Xercus;2759408]
The trick is to use the security settings already found in Windows:

  1. Set the registry permission on the Run/RunOnce keys to read only
    for everyone (not just the Everyone account).

  2. You can do this for the Drivers/Services key, but it will require
    a restart. [This isn’t advisable since some programs require you to
    install drivers, still it’s great protection for existing services,
    and to prevent malware.]

  3. For the Windows NT key (winlogon/userinit), only allow the System
    account access to read and write, and set your username and other
    accounts to read only.

The above is written in an unclear way without step-by-step or exact
path to the keys mentioned. This is done deliberately!

Reason?
Well, tweaking these settings without proper knowledge can render you with no other options than a full reinstall of the operating system.
In other words, if you:

  • Don’t know the above key’s location in the registry.
  • Don’t have a firm understanding of the Windows registry as a whole
    and its function in the Windows environment.
  • Don’t understand how to take ownership of files/folders/registry
    keys.
  • Don’t know files/folders/registry keys/Security settings generally.

***** DON’T ATTEMPT THIS! *****[/QUOTE]
I have a better solution…DISCONNECT from the internet…


#7

[QUOTE=Xercus;2759408]
As they work today, no one NEEDS an Anti-virus installed, but it will require a computer savvy person to make it work.
Here’s a way to obtain even better security, but you’ll need to reset
the settings back to normal whenever you need to install updates or new programs.
The trick is to use the security settings already found in Windows:

Snip[/QUOTE]
Assuming that there are no security flaws in Windows that would allow its permissions system to be bypassed. :wink:

And if someone did manage to install a rootkit or other code operating outside the OS, this approach would offer no protection at all.

But I strongly agree with the principle of what you are suggesting, that the first line of defence should be to limit the permissions users are granted.


#8

[QUOTE=Ibex;2759512]Assuming that there are no security flaws in Windows that would allow its permissions system to be bypassed. :wink:

And if someone did manage to install a rootkit or other code operating outside the OS, this approach would offer no protection at all.

But I strongly agree with the principle of what you are suggesting, that the first line of defence should be to limit the permissions users are granted.[/QUOTE]

Spot on Ibex, if people did not surf logged on as a member of the administrator group much trouble could have been avoided.
Of course, if the infection is in place or a new virus finds a way to circumvent the settings they will not help at all. That is why the settings must seek to stop the malware from being able to execute its first actions. Such settings are proactive, not reactive and only one miss …
I did try to re-work two scripts to Lock and Unlock even more security settings than posted, but Windows 10 has a few tricks up its sleeve to not make the task too easy and so the work is on hold until I can fully understand what’s up.
It is all about being as safe as possible by trying to add features lousy antivirus solutions fail to provide, like security ;), without disconnecting I may add.