Malware and Desktop-Based Security Software

Monday, October 11, 2010

Eli Talmor


Recent malware attacks call for an additional review of the resiliency of desktop-based security software products, for example PGP.

PGP was originally developed to protect data in transit from being intercepted by unintended persons.

PGP is desktop-based software that incorporates RSA public/private-key cryptographic algorithms; it was developed in 1991 to protect data in transit.

Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being “the closest you’re likely to get to military-grade encryption.”

Many publications show that brute-force attacks on PGP encryption fail to break it.

There is also growing evidence that malware will be able to bypass these defenses without needing to crack the RSA algorithms.

Malware is known to circumvent algorithmic defenses during user activities.

The same may be true in the case of PGP. A breach of desktop-based security software may occur through “unwilling user cooperation”.

For example, PGP security is based on password protection of the private key, which is stored on the desktop.

Therefore, malware that records the password with a keylogger and/or uses DLL injection to hijack the private key, as described at http://www.securityfocus.com/archive/1/513596, will be able to breach that security.

Any desktop-based security software must be resilient to these kinds of attacks to be applicable in today’s environment.

Client-server security software can make these kinds of attacks obsolete.

Cross-posted from http://sentry-com.net/blog

Ray Tan: Besides AV, firewall, IPS/IDS, you need to check the traffic from time to time, make sure that the data in transit is encrypted well and that all connections are authorized.
A packet sniffer is a must for network security, of course.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.