The Java applet used in the NemID solution triggers an alarm that it contains a Trojan when you scan your PC with McAfee antivirus. By Jesper Stein Sandal, Thursday, November 17, 2011 - 10:44
A reader has made Version2 aware that at his workplace he had been asked to run the McAfee Stinger tool because a malicious program had been found in the folder on the PC that is used to log in with NemID.
Version2 has run the same scan with the latest version of Stinger and also received a warning from the McAfee program, which found "Heuristic.FakeAlert trojan" in the files that NemID's Java applet stores locally on the user's PC.
A JAR file is a compressed file that is used to distribute a Java applet and contains, among other things, the images used by the applet. The alarm from McAfee occurs just by scanning the JAR file, which contains two image files, "large.gif" and "pause.gif", that McAfee identifies as a malicious program.
DanID stores a local copy of the files for the Java applet in C:\Users\brugernavn.oces2\DanID\plugins\, and the JAR file that triggers McAfee's alarm is the file "DanID_Applet.jar". The files are stored locally so that the user does not have to download a copy of the applet from the server at each login.
According to the available information, the program that McAfee supposedly finds is a Trojan that can show the user a bogus virus warning to try to lure the user into downloading and paying for a fake antivirus program.
The alarm is triggered, however, by a heuristic detection. This means that it is not an exact identification of a known malicious program. Rather, it is an algorithm that tries to recognize a particular type of malicious program from some general properties.
Therefore, it is probably a false positive, that is, a false alarm, in which the heuristic algorithm confuses a harmless GIF file with a malicious file because the harmless file has some characteristics that match those the algorithm is looking for.
Published 20 November 11:24 Updated 20 November 11:24
However, it is absolutely incredible. It is as if Version2 is doing everything to find something that can signal negative aspects of NemID - even if it is very likely that this, too, is a 'false positive'. One would have to look far to find the like of this EB journalism.
Change in pictures?
Is the problem here not in the connection between the system calls a rootkit uses to take full control and the calls a DRM or antivirus program makes to override what access the OS was to give to the data?
The problem here is probably again DanID's virtual PKI model, where real transfer data in a proper implementation never needs to leave the HW token, and where it therefore must be ensured that the DanID applet has full, unlimited control over the user's PC, something you would only see in rootkits and DRM systems.
Kudos for that - the matter is too important to just be drowned in a discussion about the headlines.
"large.gif" and "pause.gif" ARE executables - they start with a standard MS-DOS header! ("error.gif" and "logo2.gif" do not.) See, for example: http://en.wikibooks.org/wiki/X86_Disassembly/Windows_Executable_Files#MS ...
Yes, can we not let the debate about the headlines lie? I promise to write a blog post soon about our approach to headlines and how we think about them. Then we can take the debate there instead.
Those files can be opened directly in Dependency Walker, if you want to see the dependencies. Among other things, there do appear to be dependencies on various cryptography and kernel libraries. http://dependencywalker.com/
I wonder if it is a JNI DLL for Keystore provider support of "My Certificate Store" (via CryptoAPI), necessary to support OCES certificates, corresponding to MicrosoftCryptoApiXXX.dll in OpenOCES?
Thomas Brodersen, 17 November 2011 at 12.08
The GIF files really are executables. And you do not find that a negative matter? Hmmm .... if you just wait a moment or two, then I have a great deal for you: a huge tower of steel located in central Paris, and you can get it for very little money.
error.gif: ELF 32-bit LSB shared object, Intel 80386, version 1 (SysV) Dynamically linked, not stripped
pause.gif: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
logo2.gif: Mach-O fat file with 3 architectures
large.gif: PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
In 1999, ELF was chosen as the standard binary file format for Unix and Unix-like systems on x86. Under NeXTSTEP, OPENSTEP and Mac OS X, multiple Mach-O files can be combined in a multi-architecture binary. PE32 stands for Portable Executable 32-bit, while PE32+ is the Portable Executable 64-bit format.
Apparently, these are the code files that are used to bind the Java applet to each operating system. There are
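The comments above observe that some ".gif" entries in the JAR begin with executable headers rather than a GIF signature. As an added example (not code from the article, its commenters or DanID), this Python sketch lists the .gif entries of a JAR whose leading bytes belong to another format; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# Leading "magic" bytes of the formats named in the comments above.
MAGIC = [
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"MZ", "MS-DOS/PE executable"),
    (b"\x7fELF", "ELF binary"),
    (b"\xca\xfe\xba\xbe", "Mach-O fat binary (or Java class)"),
]

def identify(data):
    """Name the format from leading bytes; for MZ files, confirm the PE header."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            if magic == b"MZ" and len(data) >= 0x40:
                # e_lfanew at offset 0x3C points at the "PE\0\0" signature
                (pe_off,) = struct.unpack_from("<I", data, 0x3C)
                if data[pe_off:pe_off + 4] == b"PE\0\0":
                    return "PE executable"
            return name
    return "unknown"

def mismatched_gifs(jar_bytes):
    """Return {entry name: detected format} for .gif entries that are not GIFs."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.filename.lower().endswith(".gif"):
                kind = identify(jar.read(info))
                if kind != "GIF image":
                    found[info.filename] = kind
    return found

def build_sample_jar():
    """Constructed sample archive (not the real DanID_Applet.jar)."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("real.gif", b"GIF89a" + b"\0" * 16)
        jar.writestr("pause.gif", pe_stub)
        jar.writestr("error.gif", b"\x7fELF" + b"\0" * 12)
        jar.writestr("logo2.gif", b"\xca\xfe\xba\xbe" + b"\0" * 4)
    return buf.getvalue()

if __name__ == "__main__":
    print(mismatched_gifs(build_sample_jar()))
```

A mismatch between extension and content explains why a scanner treats the entry as a program rather than an image; it does not by itself say whether the embedded binary is malicious.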