The Risks of Desktop Security Software – Part 1

Something like the picture above, then the reverse is true: people have developed sms api that can take that gobbeldy-gook in the picture above and turn it somewhat into the if-statement I wrote out. The reversing software won’t know that I had an item called UserBirthDate, but it will know I was testing for a value of January 1, 1960 and it will be able to say that based on that value I set another item to Yes or No.

So now we install our fool-proof anti-virus software on our desktop (or our firewall for that matter). Well, so too can a virus author. And that virus author or hacker will also have gotten a copy of the latest reverse-engineering software from his local hacking site. He now goes upon his task of reverse-engineering the software and then trying to decipher the results. It’s not easy but it can be done. Unfortunately, vendors know this and understand this as an acceptable risk.

The problem here is that your security software is at risk. If your vendor codes an error, the virus author can and will detect it. For example, if your vendor should exclude a file from scanning, it’s possible the virus author will figure out which file (or type of file) that is and bury his code there. If the vendor excludes files from scanning or heuristics, it’s possible that virus author will figure out a way to corrupt that file.

That being said, there are other risks. As we have said, once software is on the desktop it affords virus authors an opportunity to reverse-engineer security software. The knowledge that reverse-engineering provides is invaluable to a virus author when building his next software attack. Third, virus authors can learn where the anti-virus vendors put there software and put the links to their software.

Directory folders, registry entries, etc.). This too is invaluable information. In fact, in some ways it teaches people intent on writing malicious software clues as to how to infiltrate the computers’ operating system, where registry entries need to be made to force software to be loaded every time a computer is started, etc.

Leave a Comment