Antivirus Vendors Headed for Court

SkiifGeek writes "A showdown between Rising Tech, a Chinese Antivirus vendor, and Kaspersky Lab in a Chinese court could have implications for software vendors that misidentify system files and files from their competitors as being malicious."

It Could Be Rising Tech Really Is Malicious

[NeverVotedBush]

China and Russia both are big time into state-sponsored computer/network infiltration. In a country like China, it wouldn't be surprising at all that the government would co-opt companies - especially anti-virus companies - to make them help the Chinese government open back doors, exfiltrate data, etc.

The very last piece of software I would ever install on my own computers would be a Chinese or Russian anti-virus package. Sure, it may finger other viruses, but it might also allow free access to the "right" people.

I know this sounds somewhat like tinfoil hat territory, but the SANS organization is frequently publishing articles about state-sponsored hacking/attacks. Why give them an easy pass? A perfect easy pass to use your system in electronic warfare against any country - especially the USA? It is at least something to be aware of and to consider.

Rising Star antivirus? Who's star is rising? China's? And by what means?

Re:It Could Be Rising Tech Really Is Malicious

[l0ne]

ClamAV is really the way to go. Fully open. Fully accountable for. And if a definition is malicious, you can alter or remove it with relative ease.

Re:Don't viruses attack system files though?

[jargon82]

It's not just "windows making it easy for them" though, it's the simple fact that nearly every windows users runs as admin. We'll see what impact, if any, vista has on this, but in all previous versions it's been a mixed bag and IMO can largely be blamed on a conflict of various policies within Microsoft.

Consider, documentation on programming for the windows OS, from MS, outlines how to write without requiring admin access and generally speaking recommends this. Microsoft produced software, by and large, does not require admin access to RUN (somtimes, yes, to install, but not run). But all this aside, the accounts created during windows setup are admin and theres no push on the users to not run as admin.

All this combines to make a virus writers life easy: the unknowing users are running as admin because it came that way, the knowing users are STILL running as admin because too much windows software requires it, and only the truly dedicated take the time to get LUA to work. (at least prior to vista)

Next time, skip the anger.

[Futurepower(R)]

Acting out your anger is optional. Next time, try dealing with your anger yourself, rather than making it a problem for others.

You said, "The number of temp files or folders is nothing to do with security."

You didn't read what I said carefully. I said that, if temp files fill the hard drive, the file system becomes slower. And also, even worse, the defrag program refuses to operate. When computers become slow, many users buy a new computer.

A few temporary file locations in the Windows XP operating system:

C:\Documents and Settings\Administrator\Local Settings\Temp\
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\

C:\Documents and Settings\ user \Local Settings\Temp\ and
C:\Documents and Settings\ user \Local Settings\Temporary Internet Files\
for each value of user . On the computer that had the trouble, there are several users.

C:\Documents and Settings\NetworkService\Local Settings\Temp\
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\

C:\Documents and Settings\LocalService\Local Settings\Temp\
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\

C:\Documents and Settings\Default User\Local Settings\Temp\
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\

According to Microsoft, these may all be different:
%SystemRoot%\Temp\
%SystemDrive%\Temp\
%SystemRoot%\Tmp\
%SystemDrive%\Tmp\

In my opinion, it doesn't matter how many temp file locations defined by the operating system there are, if the number is more than, let's say, 2. I've seen computers infected with malware that uses temp file locations of other users to store files, marked read only. There is no method provided by Microsoft, that runs automatically, that deletes read only temp files in all the locations, and does that securely under OS control, so that malware cannot use those locations between computer re-starts. That's my understanding, and you haven't said differently.

Also, most users don't know to run Disk Cleanup. The point is, most users are not technically knowledgeable, and are not able to maintain Windows, and, as the New York Times article to which I linked says, they buy new computers, because that is cheaper than trying to maintain the OS.

The fundamental point: Given what I have just mentioned, I don't see that Microsoft is caring towards its customers. The company could do far, far better. Microsoft apparently doesn't do better because Microsoft managers believe it is morally acceptable to use adversarial methods to make a profit.

I didn't know I had a website. I just looked, and I can see I do. I don't have much time to make a web site, and I had forgotten that I had an index.html. Normally, I just provide links to particular articles.

Anyhow, look at this article on my "web site": Windows XP Shows the Direction Microsoft is Going. [futurepower.net] Quote:

Bruce Schneier, well-known computer security analyst, said in his November 15 newsletter that this article is "A well-written analysis of the major security/ privacy/ stability concerns of Windows XP." Mr. Schneier wrote the books Applied Cryptography and Secrets and Lies: Digital Security in a Networked World, and other books.

Back then, several years ago, I thought Bruce was being overly generous. However, soon after I published my article, which was translated into French and Spanish by readers, and other languages for which I could not find an editor to verify the translation, security vulnerabilities were found that I predicted in the article.