AV firm defends legal action against security researcher

Tegam International, the French software developer that is suing a security researcher after he exploited vulnerabilities in the company’s Viguard antivirus software, has defended its actions.

In 2001, Guillaume Tena claimed to have found a number of vulnerabilities in the Tegam’s Viguard antivirus software. The company responded by initiating legal action against Tena and the resulting trial means the researcher could face four months in jail and have to pay a 6,000 euro fine. Additionally, Tegam is proceeding with a civil case against Tena and asking for 900,000 euros in damages.

Tegam’s behaviour has been heavily criticised by readers of ZDNet Australia  and numerous other sites for allegedly ignoring security vulnerabilities in its software instead of fixing them. However, Tegam is adamant that Tena's claims are false and his motives are questionable.

Eyal Dotan, head of research and design at Tegam, told ZDNet Australia that the trial is "more complex than it seems" because it is not just about someone exposing vulnerabilities in its products.

He accused Tena of sending an e-mail to the head of human resources at Tegam saying that their product was worthless and that he was going to prove it.

He added that Tena’s research was flawed.

"He did very simplistic ‘vulnerability’ research – by modifying Viguard’s executable and data files on Windows 98 and showing that the program doesn't work well anymore," said Dotan.

In March last year, before the trial, Tegam published an article on its Web site discrediting Tena's findings.

According to Tegam’s Web site, Tena's research claimed that Viguard uses a heuristic detection method or a signature database to function. The company said both these statements were inaccurate.

"Viguard’s main advantage is that it does not need virus signatures to stop infections. Despite this response explaining the facts, the assault against the company continued".

The trial is being held in a Paris court and is expected to conclude on March 8, 2005.

• Related stories

• Alerts

Sign up for an e-mail alert

ZDNet Australia Alerts is an e-mail alert service which provides personalised news, features and reviews to readers’ inbox on an hourly, daily and weekly basis.

Alert:

E-mail: *

Frequency: *

Hourly Daily Weekly

Add alert

Add your opinion

Add your opinion

All fields are required

Subject:
Comments:
Full name:
E-mail address:

Your e-mail will not be displayed

Posting options:

Display all details Do not display details

Security Code:

You must read and type the 6 chars within 0..9 and A..F

 

1. Only one way to verify Tegam's statements -- somebody will just have to reverse-engineer the program*. We've seen cases before where a company's description of how their software worked had no relation to what was actually going on in the code. Anonymous -- 14/03/05

   Only one way to verify Tegam's statements -- somebody will just have to reverse-engineer the program*. We've seen cases before where a company's description of how their software worked had no relation to what was actually going on in the code.
   
   *Somebody not from France, obviously.

   • Reply to comment
   • Reply to story
   • Report offensive content

• Just In

• Most Popular

• Most Discussed

Login

E-mail Password (forgot?)

Login Remember

Like 124,000 other people join the community and get the latest news from the IT industry.

Reader Services

Popular Topics

Essentials