Kaspersky disputes McAfee's Shady Rat report

Eugene Kaspersky's rebuttal of McAfee's Shady Rat report is stirring some controversy in the security industry. Read why he thinks the report is "alarmist" and spreading unfounded claims.

Eugene Kaspersky of the security vendor Kaspersky Lab is seriously disputing the Shady Rat report issued by McAfee on the eve of the BlackHat and DEFCON conventions earlier this month. In his blog post "Shady RAT: Shoddy RAT", Kaspersky harshly criticizes the report as alarmist and even accuses it of "deliberately spreading misrepresented information."

Kaspersky's response addressed questions from Congresswoman Mary Bono Mack (CA-45), Chairman of the House Subcommittee on Commerce, Manufacturing and Trade, that she had posed to Dmitri Alperovitch, the author of the McAfee report announcement. Kaspersky answered these same questions to provide his counterargument against the report.

Here are some highlights from his point-by-point rebuttal:

On the issue of the relative sophistication of the Shady Rat Operation:

"...most security vendors did not even bother assigning a name to Shady RAT's malware family, due to its being rather primitive."

On mitigation of the Shady Rat threat:

"Most commercially-available anti-virus software is capable of preventing infection by the malware involved in Operation Shady RAT; most doesn't require a special update to do so either, capable of detecting the malware generically."

On the relative helpfulness of public disclosure of threats:

"However, regarding Shady RAT, the IT security industry did know about this botnet, but decided not to ring any alarm bells due to its very low proliferation.... It has never been on the list of the most widespread threats.

For years now the industry has adopted the simple and helpful rule of not crying wolf."

On the state-sponsored threat Shady Rat represents:

"...it looks overwhelmingly likely that no state is behind the Shady RAT botnet."

Security industry consensus?

Mikko Hypponen of F-Secure has apparently sided more with McAfee than Kaspersky on this, but Symantec is firmly on the side of Kaspersky. Is this just infighting among industry competitors with their own interests at stake? Who can we really trust to objectively assess the threat level?

And there's more

In a new analysis of its own, Kaspersky Lab claims that the average PC has 12 vulnerabilities and lists the top 10 in its full report. Eight of the 10 are Adobe Flash-related. Ouch. In his ZDNet post, Dancho Danchev reports on Microsoft's good showing, "The company contributes the decline in Windows vulnerabilities to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs." See the "IT Threat Evolution: Q2 2011" full analysis here.

By Selena Frye

Selena has been at TechRepublic since 2002. She is currently a Senior Editor with a background in technical writing, editing, and research. She edits Data Center, Linux and Open Source, Apple in the Enterprise, The Enterprise Cloud, Web Designer, and...