Malware and Desktop-Based Security Software

Monday, October 11, 2010

Eli Talmor


Recent malware attacks call for an additional review of the resiliency of desktop-based security software products, for example, PGP.

PGP was originally developed to protect data in transit from being intercepted by unintended persons.

PGP is desktop-based software that incorporates RSA private-public key cryptographic algorithms; it was developed in 1991 to protect data in transit.

Indeed, in 1996, cryptographer Bruce Schneier characterized an early version as being “the closest you’re likely to get to military-grade encryption.”

Many publications show that brute-force attacks on PGP encryption fail to break it.

There is also growing evidence that malware will be able to bypass these defenses without needing to crack the RSA algorithms.

Malware is known to circumvent algorithmic defenses during user activities.

The same may be true in the case of PGP. A breach of desktop-based security software may occur upon “unwilling user cooperation”.

For example, PGP security is based on password protection of the private key, which is stored on the desktop.

Therefore, malware that includes password recording via a key-logger and/or DLL injection for private-key hijacking, such as described at, will be able to breach that security.

Any desktop-based security software must be resilient to these kinds of attacks to be applicable in today’s environment.

Client-server security software can make these kinds of attacks obsolete.

Cross-posted from

Ray Tan: Besides AV, firewall, IPS/IDS, you need to check the traffic from time to time, make sure that the data in transit are encrypted well and all connections are authorized.
A packet sniffer is a must for network security, of course.