Antivirus and security tools as Information Warfare tools
February 2008 by Frédéric Donnette, Global Security Mag
What happens in times of war if the antivirus we use, which comes from a foreign country, stops working? Worse, the updates could carry a virus or a time-delayed payload, or an update could trigger a destructive sequence in the security program that deletes the entire hard disk.
A firewall could allow certain connections carrying a certain string, which would have been preprogrammed into the code.
It is important that our country's critical infrastructure use indigenous software developed and maintained by either the government or private companies.
Government departments have been doing some work on security in terms of sniffers, forensic tools, etc. But making an antivirus, firewall or IPS is a continuous job, and a lot of effort goes into monitoring threats from around the world.
Interestingly, even products that claim to be indigenously developed sometimes use some portion of code from foreign companies.
There are instances where Indian companies use antivirus, antispam and firewall technology from foreign companies (they use their engine); just the GUI is written by the Indian companies. Companies like Gsoft, Kaspersky, Commtouch, Agnitum and Norman allow other vendors to use their engine and integrate only their own GUI. Almost all Indian vendors use one or the other technology.
Most of the networks would be on an intranet not connected to the internet. Most of this software is updated via USB: updates are downloaded from the internet, carried physically into the intranet, and the software is updated.
What happens if a logic bomb or a virus is itself part of an update, or the update contains just one signature trigger string that causes widespread destruction on the intranet? The command and control centers would be out.
Most isolated intranets also get viruses and worms because of the poor discipline that exists. Security experts on intranets download programs from the internet and deploy them onto the intranet without testing them. The security admin's laptop travels in and out of the intranet. When the security admin's laptop connects to the internet, all the data collected on the intranet may be sent out.