Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years and has served in a variety of roles, from software developer to CISO. Archives of older blog entries are below; newer posts appear on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org

Saturday, January 3, 2009

Who would you trust?

There is no shortage of stories about infected digital picture frames out there. The SANS Internet Storm Center has had several posts on the subject. When Santa brought my daughter a Sakar "Portable Digital Picture Frame", I made sure to scan it with some antivirus software. Sure enough, McAfee reported a Trojan on the device. I checked the manufacturer's support page and found this note in the product FAQ:

"Does my product have a virus?
No. It has come to our attention that some versions of McAfee Antivirus are warning users about a potential virus in one of our files. We have confirmed that this is a false positive. There is no virus and users can install and use their frame without any fear of a virus infection. To avoid any installation issues, we suggest McAfee be temporarily suspended during installation and use. Users of Symantec and other antivirus products are not affected."

Other antivirus products are not affected, so it must just be a McAfee issue, right? What does VirusTotal have to say? 18 of 38 (47.4%) of the scanners out there report that it is a virus.

Norman SandBox says:
FEnCodeUnicode.dll : INFECTED with W32/Packed_Nspack.A (Signature: W32/Packed_Nspack.A)
Note what that name actually says: it is a signature for a file compressed with the NsPack runtime packer, not for a particular payload. Packers are used by legitimate vendors to shrink binaries and by malware authors to hide from scanners, so a "Packed" detection on its own is consistent with both the vendor's story and McAfee's.

So who do you believe? Me? I don't believe either of them. I can either run the software on an isolated machine and look for signs of malicious activity, or return the product and buy one that doesn't require several hours of analysis before we can use it. Hmm..
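Before spending those hours in an isolated machine, a few minutes of static triage tells you whether the "Packed" verdict is even about the file's contents. The script below is an added example, my own code and not anything from the post, from Sakar, or from the antivirus vendors: it parses the PE section table, scores each section's Shannon entropy (compressed or encrypted data sits near 8 bits per byte, plain x86 code well below 7), flags section names that packers are known to leave behind, and prints the hashes you would paste into VirusTotal. The UPX names are documented; the NsPack names (.nsp0, .nsp1, .nsp2) and the 7.0 threshold are my own assumptions, and the sample PE it analyzes is constructed inline as a stand-in for FEnCodeUnicode.dll, which I do not have.

```python
import hashlib
import json
import math
import random
import struct

# Section names commonly left behind by runtime packers. The UPX names are
# documented by the UPX project; the NsPack names are an assumption from my
# own notes, not something the post or the vendor states.
PACKER_SECTION_NAMES = {
    b"UPX0", b"UPX1", b"UPX2",
    b".nsp0", b".nsp1", b".nsp2",
}

# Assumed cutoff: above this a section looks compressed/encrypted, not code.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section listed in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    n_sections, = struct.unpack_from("<H", image, coff + 2)
    size_opt, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + size_opt                         # first section header
    for i in range(n_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]


def analyze_pe(image: bytes) -> dict:
    """Hashes for a VirusTotal lookup plus per-section packing indicators."""
    report = {
        "sha256": hashlib.sha256(image).hexdigest(),
        "md5": hashlib.md5(image).hexdigest(),
        "sections": [],
        "packed": False,
    }
    for name, data in pe_sections(image):
        ent = shannon_entropy(data)
        known = name in PACKER_SECTION_NAMES
        report["sections"].append({
            "name": name.decode("latin-1"),
            "entropy": round(ent, 2),
            "packer_name": known,
        })
        if known or ent > ENTROPY_THRESHOLD:
            report["packed"] = True
    return report


def build_sample_pe() -> bytes:
    """Constructed sample, not the frame's DLL: a minimal PE with a plain
    .text section and an NsPack-style section full of pseudo-random bytes."""
    rng = random.Random(2009)
    text = b"\x90" * 512                                      # NOP run, entropy 0
    packed = bytes(rng.randrange(256) for _ in range(4096))   # looks compressed
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)  # i386, 2 sections

    def section(name, size, va, ptr):
        # IMAGE_SECTION_HEADER: name, vsize, va, rawsize, rawptr, reloc, lines,
        # nreloc, nlines, characteristics
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, 0x60000020)

    headers = (dos + b"PE\0\0" + coff
               + section(b".text", len(text), 0x1000, 512)
               + section(b".nsp0", len(packed), 0x2000, 1024))
    return headers.ljust(512, b"\0") + text + packed


if __name__ == "__main__":
    print(json.dumps(analyze_pe(build_sample_pe()), indent=2))
```

To run it against a real file, replace `build_sample_pe()` with `open(path, "rb").read()`. A "packed" result does not settle the question either way; it just tells you the scanner matched the wrapper, so the next step is unpacking or watching the code run, not arguing about which vendor to trust.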