Symantec started 2006 with its hand caught in the cookie jar, admitting to embedding rootkit-like functionality in Norton SystemWorks. Since then, Symantec LiveUpdate for Macintosh, Symantec Scan Engine and Symantec Gateway Security have all served up steaming plates of embarrassment. And now, Symantec Antivirus and Symantec Client Security allow remote exploits. With Wintel closing in on its a/v franchise and its stock already in the tank, the timing couldn't be worse.
Newsbytes
Chase trashes Circuit City customers
Symantec stumbles through another week
OSVDB says "No exception for Symantec," but...
RFK keeps tilting at e-voting windmill
Pun-happy cracker takes out Windows Mobile
The number two digital certificate vendor, Comodo, expected their new, free, anti-virus engine's release to be greeted with accolades. Instead, they're drawing fire from critics who claim that the software sneakily installed more than they bargained for. Another case of Sony-style corporate deceit, or a few spoiled end users looking a gift horse in the mouth? Email Battles ruminates.
At the online service level, Windows Live OneCare and its siblings offer free-to-cheap malware protection. In addition, at the nexus of PC hardware and operating systems, combining Intel's new vPro chip with Windows Vista promises to further limit the likelihood of a malware attack. The question for McAfee, Symantec and other anti-virus vendors: "Will there be enough of a malware threat left over to maintain the business model?"
A new kernel-mode rootkit has the ability to communicate via Internet Relay Chat without relying on outside applications. This represents a dangerous escalation in Windows rootkit ability, as previous kernel-mode device drivers required help from user-mode programs. While the IRCbot released is non-destructive, it can be easily enhanced. The developer has made the download available as a Visual Studio 2003 project.
After most anti-virus vendors wasted a year before they could detect any near-current version of Hacker Defender, many dismissed their failure as an anomaly. The Hacker Defender blunder just slipped through the cracks, right? Wrong. Late in December, a hacker unleashed an encrypted Hacker Defender along with the code. Three long months later, fewer than half the anti-virus engines can detect the beasts, so chances are excellent that you are not among the protected. Email Battles tells you who can, who can't... and how the a/v industry helps turn frustrated white hats black or gray. Anything but white.
