
Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?


Antivirus "hosting"

Club of antivirus service users (SaaS, Cloud)


2013-05-27 05:04

KMM shared a link


By now most users will already know what ransomware is, either because they were at one point affected by it or because they saw it on a friend’s PC. Ransomware usually refers to a special category of malware that essentially tries to take the user’s computer as well as his files hostage and requires him to pay a ransom for the malware to return control over the computer back to the user. The general method of operation so far has been to just confront the user with made-up legal accusations. However, there is a slight chance that in the not so distant future these accusations may no longer be made up.

Just a few days ago the “Commission on the Theft of American Intellectual Property” released their 84-page report. Amidst a large number of rather naive ideas there is one idea that strikes us as particularly insane: the report proposes to use malware to figure out whether or not you are pirating intellectual property and, in case you do, lock your computer and take all your files hostage until you call the police and confess your crime:

Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized user’s computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.

It gets even better:

While not currently permitted under U.S. law, there are increasing calls for creating a more permissive environment for active network defense that allows companies not only to stabilize a situation but to take further steps, including actively retrieving stolen information, altering it within the intruder’s networks, or even destroying the information within an unauthorized network. Additional measures go further, including photographing the hacker using his own system’s camera, implanting malware in the hacker’s network, or even physically disabling or destroying the hacker’s own computer or network.

Malware to stop piracy isn’t a new idea

Admittedly, this idea, as insane as it may sound, isn’t new at all. In fact, the very first PC virus, Brain, was created for exactly that purpose. Brain’s author, Amjad Farooq Alvi, used it in January 1986 to prevent his medical software from being copied illegally. According to him, the virus was supposed to target copyright infringers only and asked infected users to contact his software development firm to purchase a cure. Now almost 30 years later we know that his initial idea didn’t turn out that great and Brain went on to infect a lot of innocent users’ computers as well.

But we don’t even have to go back that far. Sony thought it would be a wise idea to use rootkits to protect its DVDs and CDs from being ripped just 8 years ago. The public outcry in late 2005 when Sony’s actions came to users’ attention was tremendous, and rightfully so. This was not only because the Sony rootkit didn’t pose any serious obstacle for any of the actual pirates out there, who weren’t affected by it at all, but because the rootkit posed a significant security and stability risk for everyone who purchased Sony’s content legally.

This was mainly due to various bugs within the rootkit itself. The rootkit lacked any kind of verification of which programs were actually allowed to take advantage of it and which weren’t. In fact the rootkit simply hid all files with names that contained a simple string of text. It didn’t take long for actual malware to appear that included this particular marker in its file names, essentially using the Sony rootkit for its own malicious purposes. The rootkit itself contained several bugs that could trigger the system to blue screen during certain operations or could be used by a normal user to obtain administrative rights on a system. Similar issues were found in the dedicated removal tool that Sony offered on their website, which could either be used by hackers to run arbitrary code on your system by just visiting a website or resulted in users losing access to their CD and DVD drives after they removed the rootkit.
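The name-only cloaking flaw described above, modelled as an added example (not code from the article or from Sony's software); the marker string, file names and function names are constructed placeholders. It goes beyond the text by also showing the cross-view comparison a defender can use to spot files hidden this way.

```python
# Toy in-memory model: no driver, hook or real file system is involved.
MARKER = "HIDEME_"  # constructed placeholder, not the string the real rootkit used

# Constructed sample of what is actually stored on the volume (the "raw view").
RAW_VIEW = [
    "notes.txt",
    "HIDEME_drm_driver.sys",      # component the cloak was written for
    "HIDEME_unrelated_tool.exe",  # unrelated file that merely adopted the marker
    "report.doc",
]

def cloaked_listing(raw_names, marker=MARKER):
    """Directory listing as seen through a filter that hides by name only.

    The filter never checks which program owns a file, so every name that
    contains the marker disappears, whoever created it.
    """
    return [name for name in raw_names if marker not in name]

def cross_view_diff(raw_names, api_names):
    """Names present in the raw view but missing from the API view."""
    visible = set(api_names)
    return [name for name in raw_names if name not in visible]

def triage(hidden_names, expected):
    """Split hidden names into those accounted for and those unexplained."""
    known = [n for n in hidden_names if n in expected]
    unexplained = [n for n in hidden_names if n not in expected]
    return known, unexplained

if __name__ == "__main__":
    api_view = cloaked_listing(RAW_VIEW)
    hidden = cross_view_diff(RAW_VIEW, api_view)
    known, unexplained = triage(hidden, expected={"HIDEME_drm_driver.sys"})
    print("API view:    ", api_view)
    print("Hidden:      ", hidden)
    print("Unexplained: ", unexplained)
```

On a real system the raw view comes from reading the file system structures directly instead of asking the filtered API; any name that appears in one view and not the other deserves investigation.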

There is no “good malware”

The fallacy in all this is that the commission clearly thinks that there can be something like “good malware”. The reality is, there is no such thing. The number of different computer configurations out there alone is simply too large to guarantee that a particular program (or malware) will never cause any unwanted bugs or side effects. A false positive in such a system would be disastrous. The nature of ransomware and rootkits in general, which often have to rely on undocumented Windows system internals, almost guarantees that security vulnerabilities will creep in. These vulnerabilities would then be used by software with actual malicious intent to infect the computers of innocent users, leaving unharmed the actual pirates, who will surely use rips and copies that have the malware-like DRM removed instead.

So where does it leave you as an Emsisoft user if Congress decides to ignore all the outcry this report will surely cause and pass the asked-for legislation anyway? The answer is rather simple: We as a company don’t believe in “legal malware”. It doesn’t matter whether a country, Hollywood, or a Russian backyard crimeware gang created it. Malware will always be malicious, no matter the intentions. We therefore have never adhered to requests by law enforcement agencies to whitelist their malware in the past and we don’t plan to do so in the future. This is especially true for our behavior blocking technology, which is technically incapable of reliably determining the origin of a malware file, making it impossible for us to whitelist certain malware based on its origin even if we wanted or were legally forced to do so.


