Security The Internet

Kaspersky Source Code In the Wild 154

mvar writes "The source code of an older version of 'Kaspersky Internet Security' has been circulated on the internet. The code was created in late 2007 and was probably stolen in early 2008. Names contained in the source indicate that the stolen code was probably a beta version of the 2008 software package – the current release is Kaspersky Internet Security 2011. According to a Russian language report by CNews (Google translation), the code was copied by a disgruntled ex-employee. The thief has reportedly been trying to sell the code on the black market for some time, and Kaspersky says that the code archive already appeared in various private forums last November."

  • by nicholas22 ( 1945330 ) on Monday January 31, 2011 @06:13PM (#35061058)
    This probably comes as news to you (you're not a developer, are you?) but when you build new software, you basically build upon older code. So yes, even the extreme scenario you talk about would cause some headaches to Microsoft.
  • by Beardo the Bearded ( 321478 ) on Monday January 31, 2011 @06:33PM (#35061246)

    Here's the thing.

    The people who write malware already have this code. They might not have the C source, but they've got a good handle on the IO flow and undoubtedly have it in assembly. Is this a game-changer for the malware writers? Not even remotely. Even if this was the source code for the latest version from 2011, it wouldn't change anything.

    "They" have access to the exact same software that we have. They can download Avast! or AVG or Kaspersky or MSE and write the malware to be untraceable under those security suites. Hell, if they really wanted it they could find disgruntled employees or cleaning crews and get access to the repositories for cash monies.

  • Re:The bad news is (Score:2, Insightful)

    by Beardo the Bearded ( 321478 ) on Monday January 31, 2011 @06:41PM (#35061316)

    You know what?

    Ubuntu can get viruses just as easily as other OSes. The Apache servers that control botnets aren't running IIS. Wine is a weak point, and Flash is a cross-platform single-point-of-failure. How many times have you blindly added a repository based on what some random untrusted person on the Internet tells you to do? I know I have.

    The only reason that it's not as 0wn3d as Windows is that Windows was easy pickings and has huge market share. Now the bad guys are going to focus on smartphones because that's where the easy targets are. (A computer that's always on, is usually glitchy, and you can't look around in it because the telcos lock it down from you? Awesome!)

    Selling Ubuntu as a secure OS is simply incorrect. It's more secure by virtue of both user capabilities and user-only access, but anything that is connected to the Internet is always subject to OMGPWNIES.

    If you are going to use Windows, apparently the best AV is MSE.

  • by steelfood ( 895457 ) on Monday January 31, 2011 @07:23PM (#35061724)

    But that's not what an AV is for, despite the industry trying to market it as such. Antivirus software is reactionary. The company has to receive an unknown virus and analyze it before they can put the virus in the next definition file update. And any heuristics module included is typically useless against all but the most basic attacks.

    AV is at best a catch-all for uncontrolled or uncontrollable situations. Office computers, shared family home machines, etc. that are subject to illogical users' whims would benefit from AV. But AV cannot stop zero-day exploits, cannot prevent malicious JS, and is completely useless against a determined attacker with physical access to a machine.

    Proper computer security addresses each attack vector separately. A properly-configured software firewall will take care of most of the threats through the network. In fact, hiding behind a NAT will take care of 99% of the zero-day threats; whitelisting outbound traffic is just good security practice. Noscript and safe surfing habits will guard against anything coming in through the browser. Obviously, preventing unauthorized physical access to the system requires physical security.

    All AV will do is maybe stop that infected autorun from your kid's buddy's flash drive, or delete that exe file you accidentally downloaded from a questionable site you were surfing. But that's what it's really there for: all the cases you don't really know or expect to have to guard against.

  • Re:Stolen?? (Score:3, Insightful)

    by gilbert644 ( 1515625 ) on Monday January 31, 2011 @07:27PM (#35061736)
    Here's another one: Identity theft. Language evolves. Deal with it.
