Last week ended with quite a bang when Reuters published a scathing report about how Kaspersky Labs spread fake viruses. Kaspersky followed up immediately with a strong denial of these accusations and this week we will probably see a lot more information coming out with regards the story. Also last week, we learnt about yet another Android flaw, we saw how Disney is making a move on the software market through a new startup, and we also read a very interesting InfoWorld column about the ups and downs of Microsoft’s leadership
Ex-employees accuse Kaspersky Labs of fake virus triggers, company vehemently says nyet
A Reuters report, citing unnamed ex-employees, claims that Kaspersky Labs wrote and spread fake viruses to make its rivals look bad. Yikes! The idea was to set off a rash of false positives in order to make competitive anti-virus tools appear incompetent. Reading the Reuters report it seemed the writer had Kaspersky dead to rights but another report on Network World had a decidedly different view, running a piece on the anti-virus vendors’ stern denial.
I then went to the Kaspersky website and the statement was pretty detailed. “Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal. Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted,” the company said.
Apparently, these anonymous sources were making a mountain out of an innocent molehill. The controversy centers on VirusTotal, a kind of a clearinghouse where virus information is shared by AV vendors and software put through the AV wringer.
So what exactly is VirusTotal? “VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners,” the group’s website claims.
Kaspersky blames an incident 5 years ago for the hubbub. “In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior). https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/. After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points,” Kaspersky stated.
That effort was turned sour by an unknown mischief-maker. “In 2012, Kaspersky Lab was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”
The question now is – whom to believe? According to Reuters, Kaspersky workers were told to find out how rivals’ anti-malware tools worked, and craft code to trigger the false positives. Vendors such as Microsoft said that they have, over the last several years, encountered a rash of false positives.
To me, this is still a murky area as the Reuters report was sourced beyond just the anonymous ex-employees, yet Kaspersky’s rebuttal is detailed and firm. We’ll keep you posted on any new developments.
Android hit with admin flaw
Here at the GFI Blog we’ve been all over Android for its ever increasing number of security flaws. These all impacted the devices themselves but now a new exploit goes has been found to go after Android’s admin tool and lets hackers install malware that can compromise multi-user Google for Work accounts by purloining users’ credentials.
Right now the flaw is real, but the exploits are still just theoretical. The flaw speaks to how the security model for Android operates, where apps are kept entirely separate, each in their own sandbox. In order for them to exchange information there is a system to establish a mutual understanding to share data via the API.
This is all circumvented by the potential malware, as reported in Computer World. Google has been alerted to the problem, but so far hasn’t issued a fix. The flaw was reported by security researcher MWR Labs. Here is the quick and dirty description from MWR. “An issue was found in Google’s Android Admin application that allowed other applications on the device to bypass sandbox restrictions to read arbitrary files through the use of symbolic links,” the company said. “A malicious application on the same device as the Google Admin application is able to read data out of any file within the Google Admin sandbox, bypassing the Android Sandbox.”
So how can you avoid possible incursion if a fix is not yet available? MWR suggests being careful when installing third party applications – as you should always be – if you are a Google Admin user.
Disney pushes smarter minding-reading marketing
One doesn’t think of the Walt Disney Co. as a computer software maven, but the company is investing in a startup aimed at letting marketers know more about how the public thinks with the intention to better target their efforts.
Search engines have been doing this for years by tracking our interests, but it is a bit of a blunt effort. Our real behavior isn’t just trolling around the web, but is far more complex. The tools by Disney protégé FEM, Inc. tries to figure out what we are really focusing on as we all seem to be doing three things at once – oh the joys of multitasking.
Disney, along with two venture capital firms, kicked in $3 million to get the FEM party started. FEM focuses on the video aspect of our multitasking lives, and by picking our brains based on past behavior, can offer up new videos we are most likely to watch.
InfoWorld pundit takes hat off to Microsoft Nadella, smacks down Ballmer
Microsoft former CEO Steve Ballmer hasn’t been gone all that long but already pundits are tarnishing his memory. Recently InfoWorld columnist Bill Snyder took some shots at Ballmer while praising Ballmer’s successor, Satya Nadella, for righting some of Steve’s apparent wrongs.
One of the biggest issue is Microsoft’s acquisition of Nokia, for which it paid $9.5 billion and which prompted an $8 billion write down. Call it almost even I guess.
Snyder got right to his point.
“The ghost of Steve Ballmer is still haunting Microsoft. But his successor is working hard to exorcise Ballmer’s spirit. By all reasonable measures, Nadella is succeeding. Simply put, Satya Nadella looks like the real deal,” Snyder argued. “Eighteen months after Ballmer left to run a basketball team, Nadella is making the hard choices that Ballmer refused to make. The Nokia acquisition was a multi-billion-dollar mistake. Unwinding it financially torpedoed Microsoft’s last quarter and cost thousands of jobs. Nonetheless, it had to happen — and Nadella did it,” Snyder wrote.
Snyder also blamed Ballmer for the problems with Windows 8, a hybrid PC/tablet OS that confused a good many long-time Windows users. Despite its sometimes-perplexing interface, Windows 8, in my view, is a market success.
Now that Windows 10 is getting better reviews, Snyder argues that Nadella here righted another Ballmer wrong. “Windows 8, dubbed Windows Frankenstein by my InfoWorld colleague J. Peter Bruzzese, was another awful Ballmer mistake. But Nadella has shepherded Windows 10 out the door and presided over Microsoft’s most successful product launch in years,” Snyder said.
But isn’t this just the natural evolution of software, and aren’t new versions of software supposed to improve on their predecessors?