As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted a spyware in some of the SolarWinds most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
To Microsoft, it has occurred a few times that their innocent programs get misdetected as malware. In April 2010, McAfee misdetected SVCHOST from Windows XP SP3 as malware, leaving perhaps around a hundred thousand machines unable to boot. In December 2010, AVG misdetected CSRSS from 64-bit Windows 7 as malware, also leaving many machines unable to boot. And there have been a few other such cases, though not as devastating. To Google, it has occurred a few times that BoringSSL (part of Chrome that ciphers HTTPS traffic) gets misdetected as ransomware, leaving a large part of the Internet ciphered using flawed algorithms. To Motorola, it has occurred that their Bluetooth drivers get misdetected as malware. To Mozilla, it has occurred many times that SpiderMonkey (the JavaScript engine of the Firefox browser, using some advanced JIT-compilation techniques) gets misdetected as a virus (because AVs think it is self-replicating code).
So, if the programmers working at Microsoft, Google, Motorola and Mozilla have trouble making innocent programs that does not get detected by some antivirus software as malware, is not it kind of absurd to claim there are Russian hackers who can make actual malware that does that? It is obviously incredibly hard to make a good JavaScript engine that won't be detected as malware by some AV (since not even Mozilla can do it), so it must be significantly harder to make actual malware that won't be detected as malware by any AV, right?
As a third year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
To Microsoft, it has occurred a few times that their innocent programs get misdetected as malware. In April 2010, McAfee misdetected SVCHOST from Windows XP SP3 as malware, leaving perhaps around a hundred thousand machines unable to boot. In December 2010, AVG misdetected CSRSS from 64-bit Windows 7 as malware, also leaving many machines unable to boot. And there have been a few other such cases, though not as devastating. To Google, it has occurred a few times that BoringSSL (part of Chrome that ciphers HTTPS traffic) gets misdetected as ransomware, leaving a large part of the Internet ciphered using flawed algorithms. To Motorola, it has occurred that their Bluetooth drivers get misdetected as malware. To Mozilla, it has occurred many times that SpiderMonkey (the JavaScript engine of the Firefox browser, using some advanced JIT-compilation techniques) gets misdetected as a virus (because AVs think it is self-replicating code).
So, if the programmers working at Microsoft, Google, Motorola and Mozilla have trouble making innocent programs that does not get detected by some antivirus software as malware, is not it kind of absurd to claim there are Russian hackers who can make actual malware that does that? It is obviously incredibly hard to make a good JavaScript engine that won't be detected as malware by some AV (since not even Mozilla can do it), so it must be significantly harder to make actual malware that won't be detected as malware by any AV, right?
