Is AhnLab to blame for online banking mess?

[InfoSec News <alerts () infosecnews org>]

http://www.koreatimes.co.kr/www/news/biz/2010/05/123_65650.html

By Kim Tong-hyung
Staff reporter
Korea Times
05-10-2010

The need for Internet security continues to grow, and this has 
anti-virus software makers touting themselves as the guardians of the 
networked world.

However, in Korea, often described as the planet's broadband capital, 
computer security firms appear to be developing a dual reputation, with 
critics debating whether they are moving efforts for a safer Internet 
forward or derailing them.

It all starts with the Microsoft monoculture in computer operating 
systems and Web browsers here, which is blamed for limiting Korean 
computer users, leaving them stuck with outdated technology and exposed 
to larger security risks.

The Korean law mandates all encrypted online communications to be based 
on electronic signatures that are enabled through a public-key 
infrastructure.

Since the fall of Netscape in the early 2000s, Microsoft's Active-X, 
used on its Internet Explorer (IE) Web browsers, remains the only 
plug-in tool used to download public-key certificates to computers. This 
prevents users of non-Microsoft browsers such as Firefox, Chrome and 
Opera from banking and buying products online and forced Mac users to 
buy Windows CDs to prevent their computers being reduced to fashion 
items.

The Korean dependence on Active-X is unique, as security concerns have 
limited the deployment of the technology elsewhere. Instead of a 
security-based model, Active-X relies on simple ``yes or no'' signatures 
to allow users to judge whether to download a control. This is a risky 
arrangement, since Active-X controls require full access to the Windows 
operating system, and could be abused by cyber criminals to compromise 
the user's control of the computer.

The Korean reliance on Active-X became a hot topic again last summer 
when a massive Internet attack left more than 80,000 Korean computers 
crippled. It was pointed out that Active-X provided an easy route for 
cyber criminals spreading malware for the distributed denial of service 
(DDoS) attacks.

There have been increasing calls for the improvement of the Korean 
Internet banking environment and the target of criticism has usually 
been financial authorities like the Financial Supervisory Service (FSS) 
and the Ministry of Public Administration and Security, which controls 
e-government sites.

However, there is an increasing number of observers who claim that 
security software makers, including industry leader AhnLab, should be 
held accountable for deteriorating the Korean computing experience just 
as much as the hapless policymakers. AhnLab has been a major provider of 
the mandatory security programs for IE browsers along with Soft Forum 
and Initech.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/