Infosec Europe 2008
Infosec Europe 2008

Infosec: Vendors rapped over sloppy security

ESET urges ISO-type certificate for electronic devices

Ian Williams at Infosec Europe 2008

An antivirus firm has called for the introduction of an ISO-type certificate to guarantee that security procedures have been adhered to during the manufacturing of electronic devices.

ESET said at the Infosec security show in London that electronic devices are still vulnerable to malware during the production stage.

Advertisement

A variety of gadget and component makers, including TomTom, Maxtor, Mocmex and HP, have released goods over the past year that gave the user far more than they paid for with a free gift of malware.

"There are several ways that this growing threat could be countered that do not rely on users having up-to-date security," said Andrew Lee, chief research officer at ESET.

Lee highlighted the autorun feature, which he dubbed 'auto-infect', which allows a specific program to run automatically from storage devices like USB keys. The feature has become a highly efficient way for hackers to compromise computers.

Vendors should make the "intelligent security decision" to disable this feature, according to Lee, which would prevent a lot of devices from being compromised.

Virus scanning should simply be a sanity check

Andrew Lee ESET

Alternatively users should at least be warned about the potential security risks before allowing these programs to be executed.

ESET also suggested that value-added resellers can introduce malware inadvertently when creating their own custom media and branded devices.

"Virus scanning should simply be a sanity check," said Lee, adding that vendors should use multiple scanners and perform random quality checks before releasing the finished product.

"Introducing some sort of certification would at least give users assurance that a reasonable level of precaution has been taken," he concluded.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Further reading

Infosec Europe 2008

Infosec Europe 2008 Special Report

The latest news and views from Europe's number one information security event

Infosec Video Lounge Part 1

Infosec 2008 Preview: Ed Gibson, Chief Security Advisor at Microsoft UK, talks to vnunet.com about the security focus for the coming year.

Infosec: Security community must work together

Police cannot do everything, says Microsoft UK security chief

Infosec: UK firms winning security battle

New survey shows incidence and costs of attacks falling

Related whitepapers

Related jobs

Most watched

Summit: Salesforce.com on SaaS and information overload

How web services contribute to data headaches

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

V3.co.uk weekly debrief, 13 Nov 09

This week we discuss the inaugural V3.co.uk Summit

Fingers on keyboard

New Flash vulnerability discovered

Web sites could be vulnerable to Flash attacks

Chris Adams

Summit: Microsoft Office to the rescue

Chris Adams, Office Client product manager for Microsoft UK, explains...

Illegal downloader

Industry and human rights campaigners united in opposition to "three strikes" plan

Critics says government proposals to curb illegal downloading are unworkable...

Primary Navigation