Security News > 2010 > May > Is AhnLab to blame for online banking mess?

Is AhnLab to blame for online banking mess?
2010-05-11 05:30

http://www.koreatimes.co.kr/www/news/biz/2010/05/123_65650.html By Kim Tong-hyung Staff reporter Korea Times 05-10-2010 The need for Internet security continues to grow, and this has anti-virus software makers touting themselves as the guardians of the networked world. However, in Korea, often described as the planet's broadband capital, computer security firms appear to be developing a dual reputation, with critics debating whether they are moving efforts for a safer Internet forward or derailing them. It all starts with the Microsoft monoculture in computer operating systems and Web browsers here, which is blamed for limiting Korean computer users, leaving them stuck with outdated technology and exposed to larger security risks. The Korean law mandates all encrypted online communications to be based on electronic signatures that are enabled through a public-key infrastructure. Since the fall of Netscape in the early 2000s, Microsoft's Active-X, used on its Internet Explorer (IE) Web browsers, remains the only plug-in tool used to download public-key certificates to computers. This prevents users of non-Microsoft browsers such as Firefox, Chrome and Opera from banking and buying products online and forced Mac users to buy Windows CDs to prevent their computers being reduced to fashion items. The Korean dependence on Active-X is unique, as security concerns have limited the deployment of the technology elsewhere. Instead of a security-based model, Active-X relies on simple ``yes or no'' signatures to allow users to judge whether to download a control. This is a risky arrangement, since Active-X controls require full access to the Windows operating system, and could be abused by cyber criminals to compromise the user's control of the computer. The Korean reliance on Active-X became a hot topic again last summer when a massive Internet attack left more than 80,000 Korean computers crippled. It was pointed out that Active-X provided an easy route for cyber criminals spreading malware for the distributed denial of service (DDoS) attacks. There have been increasing calls for the improvement of the Korean Internet banking environment and the target of criticism has usually been financial authorities like the Financial Supervisory Service (FSS) and the Ministry of Public Administration and Security, which controls e-government sites. However, there is an increasing number of observers who claim that security software makers, including industry leader AhnLab, should be held accountable for deteriorating the Korean computing experience just as much as the hapless policymakers. AhnLab has been a major provider of the mandatory security programs for IE browsers along with Soft Forum and Initech. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/


News URL

http://www.koreatimes.co.kr/www/news/biz/2010/05/123_65650.html