Friday, May 19, 2006

And a Tip of the Hat to Checkraised.Com

Or a curtsy, of course. Overflow time again. Too much recent news for me to fit in over at the KAP blog, so I'll drop in a followup to a followup here. I've recently been tracking several computer security issues related to poker, the latest being the discovery by a Finnish security firm that one of the poker add-on applications offered by Checkraised.com, RBCalc, is in fact a form of malware, a backdoor "rootkit" driver that surreptitiously adds four other hidden files to the host computer. These four files, once activated, perform various keylogging and screengrabbing functions and also capture i.d. and password information for several large sites, the biggest of which is Party Poker. You can all see where that one is heading.

The scope of the naivety exhibited by Checkraised.com is stunning, and while we'll get to that in a second, note the following from their release: "To prevent such situations from happening in the future, we do not plan on developing any executable applications. In addition, all future programming will be done in-house to ensure the maximum safety that we can provide to our users."

Mea culpa, indeed. But perhaps not everyone understands the depths of idiocy that Checkraised.com has plumbed.

First, RBCalc was created for Checkraised.com by a "contract programmer." As of yet, information about this contract programmer's identity has not been released, but since updates to the product were sent "by e-mail," it can be presumed that this was an indirect relationship at best. It's quite possible that it was some overseas code pusher cranking out the stuff for a much lower wage rate than that available in Checkraised.com's home market.

Sounds trustworthy to me. (*cough*) Particularly in a product that one intends to brand with one's own name and release into a market where billions of dollars are potentially in play. But the regal ruby from Checkraised.com comes from earlier in their virus-discovery release:

"The virus goes undetected by Norton AntiVirus and Microsoft Defender, even to this day. This is why we never noticed it until a 3rd party contacted us about the malicious software." And later: "He would send updates by way of email, we would virus scan it (what good that did!), and then we would upload it to our website."

This one takes a little bit more explaining. While Checkraised.com hasn't divulged the specifics of their software-checking process, it looks as though it pretty much consisted of this: loading the new or upgraded application onto one or two computers that also had Norton Antivirus and Microsoft Defender installed, then running it to see if it picked up any implanted bugs.

Thou art blithering idiots, Checkraised.com. The last line above seems to indicate that the fault lies with Symantec and Microsoft, since their products didn't find the hidden trojan. Instead, the problem is with Checkraised.com, traipsing along unaware of how those products work in the first place.

Software such as Norton Antivirus works by maintaining a comprehensive registry of known computer viruses and malicious code. The user maintains a subscription to the vendor's ever-growing database as new viruses --- which are most often variations of already existing ones --- are added to the list. In the vast majority of cases, this is sufficient; the bug is discovered and a removal process is created before it's ever encountered by the majority of users.

However, any new virus created by a software coder isn't going to be known about until it's discovered, presuming that the virus's creator modifies the bug or re-disguises it in any way. Even funnier, any virus-coder worth his salt would already have access to the Symantec and Microsoft databases, to make sure that his variant isn't being picked up by the release versions currently in play.

After all, a product such as Norton Antivirus isn't intended for use in the discovery of new computer bugs; it's only designed to identify and remove those that are already known. And for an entity such as Checkraised.com to offer any sort of software when they clearly don't understand the difference is an embarrassment of high order.
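To make the point about signature databases concrete, here is an added example (mine for illustration, not code from Checkraised.com or from any antivirus vendor) of a toy scanner that knows one exact-file hash and one byte pattern. The sample "files" are harmless constructed byte strings, and all names in it are hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    name: str
    sha256: Optional[str] = None     # exact-file signature
    pattern: Optional[bytes] = None  # byte sequence found anywhere in the file


# Constructed samples: harmless byte strings standing in for files.
MARKER = b"constructed-known-family-marker"
KNOWN_SAMPLE = b"MZ\x90\x00" + MARKER + b"\x00" * 8
KNOWN_VARIANT = b"MZ\x90\x00" + b"padding" + MARKER  # same family, different file
NEVER_SEEN = b"MZ\x90\x00" + b"constructed-custom-build-from-contractor"

# The vendor database: only things someone has already found and analysed.
SIGNATURE_DB = [
    Signature("Constructed.Known.A", sha256=hashlib.sha256(KNOWN_SAMPLE).hexdigest()),
    Signature("Constructed.Known.gen", pattern=MARKER),
]


def scan(data: bytes, db: List[Signature] = SIGNATURE_DB) -> List[str]:
    """Return the name of every matching signature; [] means 'not in the database'."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in db:
        if sig.sha256 is not None and sig.sha256 == digest:
            hits.append(sig.name)
        elif sig.pattern is not None and sig.pattern in data:
            hits.append(sig.name)
    return hits


def verdict(data: bytes) -> str:
    hits = scan(data)
    # An empty result is a statement about the database, not about the file.
    if hits:
        return "known-bad: " + ", ".join(hits)
    return "no known signature (unverified)"


if __name__ == "__main__":
    for label, blob in [("known sample", KNOWN_SAMPLE),
                        ("known variant", KNOWN_VARIANT),
                        ("never-seen build", NEVER_SEEN)]:
        print(f"{label:18} -> {verdict(blob)}")
```

The never-seen build comes back with no hits, which is exactly the result a publisher gets when scanning a one-off program nobody has reported yet.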

So while Checkraised.com maintains that their other programs are safe, I wouldn't touch the things with a ten-foot stick. Not because they aren't bug-free --- because they likely are --- but because Checkraised.com has now demonstrated that they shouldn't be doing this stuff in the first place.

My pseudo-Shakespearean insult above doesn't cut it. Instead, let's use the real thing, as linked from a couple of other poker blogs last week. A quick three-fer provides the following:

1) "Thou saucy hedge-born fustilarian!"

2) "[Thine] horrid image doth unfix my hair."

3) "Thou cockered tickle-brained puttock!"

There, I feel better already.
