Security-reducing apps: a call to action
As AVs become better operationalized in their fight against unwanted software (UwS), their combined pressure is driving the software monetization industry to look for gaps in AV policies so it can continue to exploit consumers for easy money. The big gap in AV policies these days, unfortunately, is around apps that make consumers’ computers more vulnerable to attacks. The result? A proliferation of apps that needlessly reduce their customers’ security postures and set them up for future attacks. Examples of these apps include VPNs that install self-signed trusted root certificates and free apps that monetize by installing proxies that share their customers’ internet connection and processor. Lately these security-reducing apps have been grabbing public attention: articles about them are popping up in both security blogs and computer industry news. Some platforms and AVs are beginning to respond: they detect these apps after others have called them out. But the platforms and AVs have been slow to update their policies, and slow to detect these apps as UwS, which leaves a gap that software monetizers continue to exploit. Our session will show examples of how these apps reduce their customers’ security postures. We will highlight the platform and AV public policy gaps that have led to their spread. We’ll make suggestions as to how AVs can enhance their policies to better protect their customers from these apps.
Hong Jia
Hong Jia is Chief Research Officer at AppEsteem Corp. She leads the application certification review and deceptor application hunting teams. She worked for fifteen years at Microsoft, where she led the antimalware research labs in the US, Canada, and China and drove the relationships between Microsoft’s antimalware teams and the China security companies. She is also one of the founders of ThreatBook Labs, where she ran research and response teams.
Dennis Batchelder
Dennis Batchelder is the President of AppEsteem Corporation, where he’s eradicating unwanted software while helping the software monetization industry thrive. He spent eight years at Microsoft, where he led their antimalware efforts to protect billions of customers through real-time antimalware products and services, industry partnerships, and continuous analysis of threat intelligence using machine learning and the cloud. Prior to Microsoft, Dennis owned the threat and security information management product lines as a Senior Vice President at Computer Associates, which he joined after founding, running, and selling them a network security product company. Dennis has worked for more than thirty years in the security industry holding various leadership roles in the US and India. He lives in Seattle, Washington. Dennis is the author of the Soul Identity series of techno-thriller novels.