Posted by Sean @ 16:43 GMT |
There are many ongoing discussions about "Flame" right now an espionage tool, information was disclosed about it on Monday.
There are plenty of questions from customers, and also from members of the press.
Mikko spoke with Clark Boyd of PRI's The World yesterday about the breaking news.
Symantec's Liam O Murchu spoke with Kai Ryssdal of Marketplace in a very "economical" conversation about Flame's functionality.
Some good questions have been asked. And plenty of hyperbole has been generated.
Here are some questions of our own.
Am I protected from Flame?
That's the wrong question. You should be asking yourself this: am I at risk?
Alright then, am I at risk from Flame?
Let's see, are you a systems administrator for a Middle Eastern government?
No? Then no
you aren't at risk.
The number of computers estimated to be infected with Flame is one thousand and there are more than one billion Windows computers in the world. You do the math. You're just as likely to win the lottery.
Additionally: Flame is not a worm. Its architecture includes wormable functionality but those functions are disabled by default. So Flame isn't spreading like a worm and therefore you won't be infected unless you've been specifically targeted.
And then there's the fact that Flame is now known to be in the wild. And so
it's been "turned off". Even Flame's targets are no longer at risk. The real power of an espionage tool is that it's a secret. Flame is no longer a secret and so it will therefore be abandoned. Operational security has been compromised.
Okay, but still in theory am I protected?
We have detections for Flame and our current software blocks and prevents Flame from functioning based on our tests. If you have the most current version of your antivirus software and it's functioning properly with up to date databases, you should be good.
So I'm safe?
Safe? Okay look
Flame is estimated to be at least two years old. That's old in terms of software code. And Flame is now a known quantity. You don't need to worry about it. Flame has been extinguished.
that isn't why you should find Flame interesting. The important thing about Flame is that it represents what else might be out there
the threats that are still unknown.
Gladiator Security Forum