This article is a response to reports concerning the CIA project called Fine Dining and Sophos Virus Removal Tool (SVRT).
According to the leaks, the CIA is reported to have described using DLL hijacking to load a data-gathering DLL of its choice while a regular copy of our SVRT software ran in the foreground as a decoy or "cover story". We have verified that this had to be done by someone who had local access to the system with administrative privileges and who would, therefore, be able to replace anything. Given this, there is little to no way to prevent an attacker with local admin privileges from modifying the file system.
Applies to the following Sophos products and versions: Sophos Virus Removal Tool