How the security industry reacts to a bootkit maker
Austrian eighteen years old Peter Kleissner recently become famous for being the author of Stoned, the tool which exploits Master Boot Record rootkits techniques to bypass Microsoft operating systems protections and allow the execution of unauthorized code - be it legit or not. But the popularity the young programmer gained thanks to Stoned caused disagreeing reactions by security market companies.
The “case” was pointed out some days ago on the corporate blog of German developer Avira, that starting from an article appeared on Spiegel commented the consequences of Kleissner’s doing. The young Austrian, Avira technical editor Dirk Knop says, built his work upon the disassembled code of di Mebroot/Sinowal, the rootkit that sadly popularized the old boot viruses trick by integrating it in a botnet meant to steal users’ data.
Kleissner self-promotion skills “seem to exceed those he has in the fields of self-reflection, ethics and his sense of responsibility“, Knop writes, because while he was creating his Stoned program the coder was employed at an antivirus company. In the security field trust is everything, Avira says, and you “have to be able to trust someone to hunt for malware, not to produce it” hence Kleissner’s employer kicked him out as soon as the company discovered the Stoned presentation during Black Hat 2009 conference.
The case took an unexpected and - according to Avira - unfortunate turn when Microsoft, whose software actually is Stoned main target, offered the young man a stage at the corporation offices without disclosing further details on the matter. Microsoft clearly prefers to pet a certain hackers category working at the light of day rather than declaring war on them, and it’s not a case that the company appears among the sponsors of the conference devoted to hacking and “digital self-defense“.
But the Redmond move displeases Avira, which harshly criticized the decision to host the bootkit creator although he gave proof to work for the dark side of IT security. “This isn’t going to raise my trust in Microsoft and the products of the Redmond company - Knop writes - Quite contrary it is destroying the trust they earned over the last few years“.
“Security companies, like Microsoft is too“, the Avira editor concludes, “should really think about their actions and the consequences those actions have on the trust of users. If the company can’t be trusted anymore because of their actions it has no chance in the security market anymore“.
- Michelangelo and Melissa, the mass hysteria computer viruses
- Avira Antivirus & marketing part II
- Avira: security or marketing?
- AV-Comparatives feels the pulse of the IT security
- AntiVir Personal is 10 years old and Avira gives its customers a gift
- From the past to the future, the new bootkits menace
- Rootkits penetrate the heart of the machine
- Conficker, it’s open war between the industry and malware writers
- Sality virus, the species evolution
- Will Stardock’s security solution kill the DRM?