According to the media, the Austrian hacker Peter Kleissner got a offer from Microsoft. This wouldn’t be news-worthy if Kleissner hadn’t programmed and offered to sell a so called bootkit – that is a rootkit that hides within the Master Boot Record of a hard disk and gets loaded before the operating system kernel and thus can hide very well within the OS. As it gets loaded so early, a bootkit in general is also capable of bypassing even full disk encryption for example with TrueCrypt.
Kleissner “wrote” this software after analysing the Sinowal bootkit. His publicly available code shows many similarities with Sinowal – also our detection routines for Sinowal got triggered by it. No wonder, it seems he just disassembled Sinowal and modified the sources a little so that the Vista/Win7 boot chain was working again (see Kleissners comment in the Sinowal analysis of RSA, near the bottom of the page).
So, Kleissner seems to have built his “breakthrough” code upon already existing malware, the work of those people trying to invade your systems and steal your data. Sadly his skills in self-marketing seem to exceed those he has in the fields of self-reflection, ethics and his sense of responsibility.
Unfortunately, he was working for an antivirus company while doing all this. His former employer reacted promptly after getting informed and dismissed him. You have to be able to trust someone to hunt for malware, not to produce it. Especially if you are offering security products – security is very much about who to trust.
Now obviously Microsoft thinks it is a good idea to work with people that proved to work on the bad side of security. This isn’t going to raise my trust in Microsoft and the products of the Redmond company. Quite contrary it is destroying the trust they earned over the last few years – where they introduced the Secure Development Lifecycle, showed increased attention for security problems and risks and also entered the antivirus market.
Security companies – like Microsoft is, too – should really think about their actions and the consequences those actions have on the trust of users. If the company can’t be trusted anymore because of their actions it has no chance in the security market anymore.
source : Avira