Antivirus software company admits antivirus is useless. Flame malware signed with Microsoft keys.
Two interesting stories on The H Online regarding the Flame malware for Windows.
This means that Flame has been out there for over two years and no antivirus software has done anything about it.
The forgery was simple to pull off since Microsoft’s Certificate Root doesn’t keep proper track of its keys and uses weak DES, which most e-commerce sites haven’t bothered to use since the EFF demonstrated that it could be easily cracked using commodity PC hardware from 1998.
This demonstrates a couple of things I’ve been saying all along.
1. Why do browser makers not bother to make sure that “Trusted” certificate roots can actually be, you know… trusted? You have Mozilla, Google, and Opera conspiring to keep CAcert out, but all of them would trust insecure Microsoft keys from Microsoft’s certificate authority. What’s more disturbing is that Windows apparently recognizes Microsoft’s DES keys. I doubt that it would allow you to sign a kernel module with them, but it would be sufficient to suppress the security warning that pops up that says the software isn’t signed.
2. Antivirus software is pointless. It has marginal effectiveness against common malware, and no effectiveness at all with more sophisticated malware. It’s hard to tell whether this is incompetence or because the US government and Israel write malicious Windows software all the time, and they’d rather that users of Windows not be protected from it.