
Kaspersky disputes McAfee's Shady Rat report

Eugene Kaspersky's rebuttal of McAfee's Shady Rat report is stirring some controversy in the security industry. Read why he thinks the report is "alarmist" and spreading unfounded claims.

Eugene Kaspersky of the security vendor Kaspersky Lab is seriously disputing the Shady Rat report issued by McAfee on the eve of the BlackHat and DEFCON conventions earlier this month. In his blog post "Shady RAT: Shoddy RAT", Kaspersky harshly criticizes the report as alarmist and even accuses it of "deliberately spreading misrepresented information."

Kaspersky's response addressed questions from Congresswoman Mary Bono Mack (CA-45), Chairman of the House Subcommittee on Commerce, Manufacturing and Trade, that she had posed to Dmitri Alperovitch, the author of the McAfee report announcement. Kaspersky answered these same questions to provide his counterargument against the report.

Here are some highlights from his point-by-point rebuttal:

On the issue of the relative sophistication of the Shady Rat Operation:

"...most security vendors did not even bother assigning a name to Shady RAT's malware family, due to its being rather primitive."

On mitigation of the Shady Rat threat:

"Most commercially-available anti-virus software is capable of preventing infection by the malware involved in Operation Shady RAT; most doesn't require a special update to do so either, capable of detecting the malware generically."

On the relative helpfulness of public disclosure of threats:

"However, regarding Shady RAT, the IT security industry did know about this botnet, but decided not to ring any alarm bells due to its very low proliferation....It has never been on the list of the most widespread threats.

For years now the industry has adopted the simple and helpful rule of not crying wolf."

On the state-sponsored threat Shady Rat represents:

"...it looks overwhelmingly likely that no state is behind the Shady RAT botnet."

Security industry consensus?

Mikko Hypponen of F-Secure has apparently sided more with McAfee than Kaspersky on this, but Symantec is firmly on the side of Kaspersky. Is this just infighting among industry competitors with their own interests at stake? Who can we really trust to objectively assess the threat level?

And there's more

In a new analysis of its own, Kaspersky Lab claims that the average PC has 12 vulnerabilities and lists the top 10 in its full report. Eight of the 10 are Adobe Flash-related. Ouch. In his ZDNet post, Dancho Danchev reports on Microsoft's good showing, "The company contributes the decline in Windows vulnerabilities to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs." See the "IT Threat Evolution: Q2 2011" full analysis here.

About

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...

11 comments
Charles Bundy

when it comes to malware. Limit their admin abilities, and educate them on threats and the results are amazing. The only downside is sometimes healthy skepticism turns into paranoia and you get a lot of e-mails about "false positives". Of course that's preferable to infections any day!

seanferd

McAfee's report read like it was written by PR people, not engineers.

TyDavis22

These companies make their money by selling protection and security, it is their nature to make you feel unsecure, insecure, scared and nervous every time you turn on your pc or access your network so they can sell more products. A new monster virus means you need the next biggest and baddest malware, anti virus and spyware detection software. The industry would die if we did not panic and buy the latest available.

jscott418-22447200638980614791982928182376

In my opinion McAfee is trying to instill fear into Internet users yet again. Every so often one security company or another tries to drum up business by crying wolf. Not saying there is not some truth to what McAfee is saying. But much of the RAT issue was out a few years ago. So it's old news and why bring it out again unless you want to scare users?

gadjet

What I want to know is why the "proliferation" is allowed to go on, and "who" is doing the proliferating and "who" is paying for it to proliferate? With the number of threats at any given time, I can not believe in the altruistic nature of the "protection" industry. The circle is too good to be true for the industry. Make virus, generate a "monster", freak out consumer, consumer buys more protection. Repeat process to make more money. The bottom line question I have to ask is, how many "threat generators" are on the payroll directly or indirectly of the "protectors" in the first place? In addition, why are the "threats" NOT being stopped at the source through whatever means required?

AnsuGisalas

I've heard people say similar things about how their software works... like it was written by PR people, not developers :D

AnsuGisalas

Let's not forget that many of the best security tools are not corporate cash cows. Most are free. Some have a paid version available too, the best of which are definitely worth the money, even besides the benefit of supporting continued development. McAfee's products certainly are not among these best security tools.

AnsuGisalas

We all of us are old enough to remember the time when viruses were idle vandalism, created by the mischievous or foolish, often in a spirit of "wanted to see if it could be done". That's no longer the case. "Viruses" are a billion dollar business. The criminal cartels behind them use them to make money off the unwary. Lots of money. They also use them to build botnets for themselves, to use in breaking into harder targets... for money. Lots of money. It's not kids play any more.

seanferd

Why are there still burglars and drug trafficking? AV companies don't need to make up malware, it's a billion dollar growth industry.

TyDavis22

No, McAfee is not good at all, just saying that most of the ones that work really good are the ones you have to buy and cost a lot. Malwarebytes is a good one that does not cost a lot.

JCitizen

with end user solutions. The free ones are the best - they may give real time protection for a low fee like MBAM and SAS, but I'm not talking about Enterprise stuff here. That is probably a whole other story. But to tell you the truth, we didn't need a very good anti-virus when using a well designed network, high assurance hardening, with AD enforced policy and demoting everyone to limited accounts. Only the IT people had any privileges higher than that. User training made up for the rest. The Trend Micro Office Scan v. 6 solution we had was abysmal, but better than nothing.