I downloaded them again myself and Windows Defender baulked and said there was a severe danger as "it can capture passwords". I then ran Norton anti-virus scanner against the zip file and it reported three problems: 2 for PWDump and 1 for Netcat.

Is the anti-virus software correct to mark OAT as a virus? - this is debatable. In their own right PWDump and Netcat could and should be marked as dangerous if they were downloaded to a user's PC as part of an email or other surreptitious way of getting them onto the PC. A user not expecting to get these tools on his PC would want them marked. They are not, however, viruses or trojans in my opinion. In the context of OAT, though, they are not a virus either, or dangerous, as the context must be taken into account.

OK, in this case a DBA had downloaded an Oracle security toolkit - no danger. What if OAT had been deployed as a payload to an unsuspecting person's PC, would it then be classed as dangerous? - not sure; the targeting of a zip of an Oracle audit toolkit would need extra "features" to enable the attacker to do something with it, and also the PC infected would need to be specifically targeted.

So should anti-virus software and spam/spyware tools such as Defender find OAT dangerous? - they should detect Netcat and most likely PWDump, but should they then detect them when part of a toolkit such as OAT? - probably? - does this mean the future for free security tools is changing, if they are being marked as dangerous - viruses, trojans or spyware? - probably?