Over the last 20 years, a large number of users did not have any antivirus solution installed on their desktop computers. Back then the internet was still small, and there were not as many different types of viruses attacking the operating systems of the time. In this post, I will try to give a brief history of antivirus software and point to the problem of leaking sensitive data.
How did it all begin?
If you are wondering when it all started and when the first computer virus was created, it was in the early 80s. The first virus ever written dates from 1981. Interestingly, it was written for the Apple II computer; it is known as Elk Cloner and its author was Richard Skrenta. However, this virus was never “free”. This term means that it was tested solely in laboratory conditions and was never released out of that environment. The first virus that was “free”, that is, not tested only in a controlled environment, was written in 1986. It is known as Brain, or the “Brain boot sector” virus, and was written for IBM-compatible computers by two brothers from Pakistan with the surname Alvi. Everything we have today grew out of such humble beginnings, and how the antivirus community reacted we will see below.
When did the first antivirus appear?
Soon after the first viruses appeared, in 1987, the first removal program appeared under the name Bernd Fix. In the same year, G Data Antivirus was released for the Atari ST. The first antiviruses could only detect and remove known viruses. This means the software keeps a database of “signatures” of known viruses, and if a given file matches a signature, the software assumes the file is infected and informs the user. However, certain virus writers succeeded in deceiving this mechanism, so antivirus software evolved into something based on heuristics. This means that even if a file does not match any known virus in the database, the software can detect it from behavior of the file that deviates from the usual, and report it to the user. The first such antiviruses were created as early as 1987: Flushot Plus, written by Ross Greenberg, and Anti4us, written by Erwin Lanting. Immediately after that, in 1988, the VIRUS-L mailing list was launched, where viruses and removal methods were discussed. Some of the prominent members of this list soon launched their own commercial solutions, the first being John McAfee and Eugene Kaspersky. Just a few years after these events, in 1990 to be precise, Symantec brought to market its first antivirus, Norton Antivirus, which gained great popularity among users.
How did antiviruses develop?
With the arrival of the Internet, everything changed, from the way viruses spread to antivirus software itself. Online scanners appeared, which made it possible to scan files or folders without installing antivirus software. A somewhat newer development is cloud-based antivirus solutions that use advanced desktops, which are actually the biggest problem for the privacy of user data and will be discussed further below.
Where does the problem really lie?
The problem arose with the use of cloud-based antivirus solutions. Actually, a little before that. VirusTotal, a very well-known website where you can check any file, is also a representative of multi-scanner solutions. This project was launched in 2004 by the Spanish security company Hispasec Sistemas. When you go to this site, the first thing you have to do is upload the file you want to verify, and the file is then tested by several different antivirus scanners. Here lies the biggest challenge: the question of what happens to that file. VirusTotal says the file is intended solely for its security-company partners, in order to improve the overall security situation. Whether that is so, and whether this is a completely free service, we will see below. Here I want to emphasize that the purpose of this text is not in any way to diminish the importance of this service, which can really be very useful.
Carbon Black Case
DirectDefense security researchers have written a blog post detailing data leakage through Cb Response by Carbon Black. Specifically, this tool, which is installed on your computer, automatically shares information with the VirusTotal site to enhance protection. However, the researchers were able to find a large number of cloud keys, app store keys, internal usernames and passwords, user data, and internally developed applications, including proprietary algorithms and business secrets of several Fortune 1000 companies. According to their claims, most of what they found is due to the faulty mechanism that sends suspicious files to a sandbox solution or shares them with VirusTotal. What we really have to consider here, especially in a business environment, is what data is being sent.
Recommendation for the Protection of Confidential Information
If you are using Cb Response or something similar, it would be good to find out exactly what data is collected and what happens to it, especially if user permission is not required. Another important thing is to disable the cloud upload option in the software itself, if possible. I hope that this post has drawn at least a little attention from business users to a danger that is not well known in wider circles, and that it will be of at least some benefit.
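One way to act on the recommendation above is to inspect a file before it leaves the machine, and to look it up by hash instead of uploading it when it appears to hold the kind of secrets the researchers found. The following is an added example, not code from the post, Carbon Black or VirusTotal; the patterns, the action names and the sample contents are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed patterns for the secret types the post lists (cloud keys,
# usernames and passwords); a real deployment would tune and extend them.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        rb"(?i)(?:password|passwd|pwd|secret|api[_-]?key)"
        rb"\s*[:=]\s*['\"]?[^\s'\"]{6,}"
    ),
}

# Constructed sample files, embedded so the example runs offline.
SAMPLES = {
    "deploy.ini": (
        b"[prod]\n"
        b"aws_access_key_id = AKIAEXAMPLEEXAMPLE00\n"
        b'db_password = "constructed-value-1"\n'
    ),
    "tool.bin": b"MZ\x90\x00 constructed binary stub, no credentials inside",
}


def review_before_upload(name: str, data: bytes) -> dict:
    """Decide whether a file may be uploaded or only looked up by hash."""
    findings = sorted(
        label for label, rx in SECRET_PATTERNS.items() if rx.search(data)
    )
    return {
        "file": name,
        # The hash identifies the file without disclosing its content.
        "sha256": hashlib.sha256(data).hexdigest(),
        "findings": findings,
        # Hypothetical action names: keep the content local on any finding.
        "action": "hash_lookup_only" if findings else "upload_allowed",
    }


def triage(samples: dict) -> list:
    """Review every queued file and return one decision per file."""
    return [review_before_upload(n, d) for n, d in sorted(samples.items())]


if __name__ == "__main__":
    for decision in triage(SAMPLES):
        print(decision["file"], decision["action"], decision["findings"])
```

A pattern scan like this only catches secrets in recognizable text form, so it supplements, rather than replaces, knowing what the agent is configured to send.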