
Demand for certification to prevent built-in malware

ESET: 22 April, 2008 (Technical Article)
ISO certification would prevent manufactured equipment from being shipped with malware embedded in it, according to ESET.
Following yet more high-profile incidents of malware being introduced onto devices at the manufacturing stage, ESET believes the time has come for an ISO-type certificate to be introduced, which reflects that safe, digital procedures have been adhered to during the manufacturing process.

Over the last twelve months Tom Tom, Maxtor, Mocmex and, more recently, HP, to name but a few, have all released goods that gave the user far more than they paid for, with the extra free gift of malware. In addition, INF/Autorun, a generic identification for malware typically found on USB memory keys that tries to use the file autorun.inf as a way of compromising a PC, has been the number one global threat to computer users for the last four consecutive months.

"There are several different ways that this growing threat could be countered that are not reliant on users having up-to-date security," comments Andrew Lee, Chief Research Officer at ESET. "One of the main triggers is Microsoft's autorun feature, or as we like to call it, auto-infect. If Microsoft would only make the intelligent security decision to disable this feature, a lot of machines wouldn't end up compromised."

But as Andrew Lee points out, Microsoft is not the only guilty party. "Other vendors, such as Apple, should also not offer to enable autorun when their products are installed, without at least warning the consumer of the disastrous security hole it opens. Unless some sort of intervention happens soon, the problem will only get worse."

ESET also highlights that VARs, when creating their own custom media and branded devices, frequently introduce malware, either by scanning the master with just one anti-virus product instead of introducing defence in depth and using multiple scanners, or by performing random quality checks on the finished product on an infected machine.

"In reality, virus scanning should simply be a sanity check," continues Andrew Lee. "Proper building of media means that you know exactly what is on the finished product, which then implies that if your media is infected it was deliberate or you didn't know what you were shipping. Introducing some sort of certification would at least give users assurance that a reasonable level of precaution had been taken."