Sunday, February 24, 2008

ESET - PG2 is malware

Original story - TorrentFreak
A Personal Perspective

Sometimes, there are stories where the twists and turns are mind-boggling; where the statements and positions made by some groups make you wonder if they live in the same world. There are times when you not only want to report the news, but comment on it as well. I must admit, writing the above story, it was hard to stay objective, and I must thank my researcher for keeping me focused. However, a role reversal such as this, involving a group I have covered before (and kept an eye on since), is one I could not personally let go without some sort of comment.

Perhaps the greatest irony in this, though, is the attitude of the Bluetack people when they're on the receiving end. In short, both NOD32 and PeerGuardian2 are programs that run on a computer, and use updatable lists to identify bad, or potentially bad, items. Both also allow entries on the list to be circumvented, with 'exclusions' or 'allow' lists. However, if an entry is added to the Bluetack lists that is deemed unwelcome by some, you will find the Bluetack people all over the net, saying “just add it to the allow” and “better to be safe than sorry”. However, when someone does it back, they go demanding, inciting harassment, and making abusive assertions. It would appear that what is sauce for the goose is not sauce for the gander.

Of course, in the end, it all depends on who you trust more to be accurate and diligent in their lists: either a large international company that makes its business from the accuracy of lists and its reputation, or a group of anonymous people on the net. Perhaps the most telling fact is that whilst a Bluetack admin was able to post addresses and phone numbers for multiple ESET offices, there are precisely zero phone numbers, addresses, or even real names listed for Bluetack. Were they to disappear tomorrow, with the $3,300 or so donated for future server costs, there is no way to know who has it. There is a lot of trust in some easily discarded internet identities. In short, this might explain their attitudes – when they finally can't bluff/lie/exaggerate their way out of yet another paranoid and ill-justified addition to their list, they can simply drop the identities.

If Bluetack were serious about what they were doing, and wished to actually build some credibility, perhaps they could start by standing behind their decisions, starting by revealing who they are and acknowledging personal responsibility for their blocks. Of course, they will decline on grounds of privacy (which is why they have anonymizing services like Tor and Relakks blocked), and possibly claim that revealing their real names will lead to harassment or similar. Personally, if they REALLY believed these blocks are justified and legitimate, they have no reason to worry. Finally, it amazes me that whilst those that run PeerGuardian feel themselves to be net-savvy, and would never run a program sent to them out of the blue by someone they don't know, they will not only run, but defend, data and assertions made by people who deliberately go out of their way so as to be unidentifiable. Indeed, the only reason such a group would operate in this manner would be to make it near impossible to be held legally accountable for their actions or statements.