Skip nav

ESET Calls for Certification on Digital Procedures in Manufacturing

Growing threat from infected devices

Infosecurity Europe, Stand F140 (22nd April 2008) – Following yet more high profile incidences of malware being introduced onto devices at the manufacturing stage, ESET announced today that it believes the time has come for an ISO type certificate to be introduced, which reflects that safe, digital procedures have been adhered to during the manufacturing process.

Over the last twelve months Tom Tom, Maxtor, Mocmex and more recently HP to name but a few, have all released goods that gave the user far more than they paid for with the extra free gift of malware. In addition, INF/Autorun a generic identification for malware typically found on usb memory keys, which tries to use the file autorun.inf as a way of compromising a PC, has been the number one global threat to computer users for the last four consecutive months.

“There are several different ways that this growing threat could be countered that is not reliant on users having up-to-date security,” comments Andrew Lee, Chief Research Officer at ESET. “One of main triggers is Microsoft’s autorun feature, or as we like to call it, auto-infect. If Microsoft would only make the intelligent security decision to disable this feature, a lot of machines wouldn’t end up compromised.”

But as Andrew Lee points out, Microsoft is not the only guilty party. “Other vendors, such as Apple should also not offer to enable autorun when their products are installed, without at least warning the consumer of the disastrous security hole it opens. Unless some sort of intervention happens soon, the problem will only get worse.”

ESET also highlights that VARs, when creating their own custom media and branded devices, frequently introduce malware. Either by scanning the master with just one anti-virus product, instead of introducing defence in depth and using multiple scanners or by performing random quality checks to the finished product on an infected machine.

“In reality, virus scanning should simply be a sanity check,” continues Andrew Lee. “Proper building of media means that you know exactly what is on the finished product, which then implies that if your media is infected it was deliberate or you didn’t know what you were shipping. Introducing some sort of certification would at least give users assurance that a reasonable level of precaution had been taken.”


To arrange an interview with Andrew Lee during Infosecurity, please contact Sara Claridge, Marylebone Media Relations, email: or mobile: +44 (0) 7968 626838

About ESET

ESET develops software solutions that deliver comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that extends the ESET product line to include ESET Smart Security. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks.

Sold in more than 110 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in UK, Argentina and Czech Republic and is globally represented by an extensive partner network. For more information, visit or call 0845 838 0832.