Avira takes a strong stand against the new “Bundestrojaner” legal amendments: “Any software which attempts to use system exploits or vulnerabilities in order to infect our customers’ devices will be immediately identified, disabled and removed” – Travis Witteveen, Avira Chief Executive Officer
The German Bundestag recently passed legal amendments that raise serious threats to the privacy and security of netizens worldwide, as its potential impact goes far beyond Germany.
The new amendments would allow authorities to install software and decrypt private internet use without user consent, by exploiting software vulnerabilities. These security flaws are programming errors, which allow any entity – be it benevolent of malign – to secretly access a device or application. By intentionally not disclosing these vulnerabilities, but by leveraging them instead, the law not only does a civic disservice to online users the world over, it also increases the chances that these weaknesses will be used in turn by criminals.
A similar policy has recently jeopardized the security not only of home users, but also of hospitals, train stations, banks and telecommunication services. The global WannaCry ransomware attack took advantage of the EternalBlue exploit, an unknown vulnerability exploited by N.S.A authorities in a way similar to the proposal currently under consideration in the German Bundestag. The EternalBlue was disclosed with the Vault7 releases of Wikeleaks, allowing hackers to leverage the vulnerabilities to infected machines with the WannaCry ransomware.
“I have high concerns about the “Bundestrojaner” legal amendments. At Avira we believe that security is a right, not a privilege. The security and the trust of our customers is paramount and we do not trade it off. It is our collective responsibility to increase the level of security of the digital equipment, internet services and software. If we do not, malware authors will exploit them to do harm. We consider any software, regardless of the originating source, which attempts to use system exploits or vulnerabilities, in order to infect a destination machine, as a piece of malware. Accordingly, we will delete it, remove it, and prevent it from working,” declared Travis Witteveen, Avira’s CEO.
Avira experts detect one billion malicious applications or websites every month. The new law amendments would allow the state to amplify the situation by adding more resources to the discovery of undocumented system weaknesses. Furthermore, eventual vulnerabilities of the “Bundestrojaner” could allow cybercriminal attacks to insert fake evidence into users systems. This might lead to a spiral of unwanted implications for the users whose devices are decrypted by the state.
“We believe that any discovered vulnerability has to be announced to the developers of operating systems and applications so that they are immediately fixed. It is everybody’s responsibility, when a new vulnerability is discovered, not to keep it a secret, as these are the mechanisms hackers and malware authors use to infect computers,” said Mr. Witteveen.
Avira’s security solutions are providing top protection against viruses, Trojans, worms, Ransomware, Phishing and other online threats to millions of users worldwide. New detection features and protection layers are continuously being developed using artificial intelligence and cloud-based sandbox technology to classify and block the latest threats in real-time.