CCTV

Viewing software

by Mark Rowe

How can you minimise the risks of viruses on your computer from imported CCTV footage; by Steve Lower & Robin Stevens, of Sira Defence and Security Ltd

If you want to view CCTV what software should you use to minimise the risk to your computer of getting infected by a virus, SiraView the universal viewer or loading up a manufacturer’s player from the internet? To answer the question you need to understand the nature of viruses. Computer viruses can be broken down into two main categories.

1.Trojans
In a Trojan the malicious code is usually disguised as a valid program, and the user is somehow tricked into downloading and running it. Sometimes this happens without the user realising, such as in the case of a website which automatically downloads and runs executable code without the user’s consent, or certain kinds of email attachments. Note: Most modern web browsers and mail clients protect against this kind of attack reasonably well.

Manufacturer’s players
CCTV playback software could well include Trojan code, therefore seeking out manufacturers players from the web, downloading and installing them is inherently extremely risky.

In the first place the user has to establish that they are definitely downloading the correct file (and this is made more difficult by the large number of download sites which embed their own “value-add” software in the downloads they host). Secondly, the user must make sure they run an up-to-date virus scan on the download to minimise the risk of the software being infected. Of course anti-virus software is always playing catch-up: they cannot protect against virus they have not yet encountered.

CCTV files
Exported CCTV video files are not executable files, and are unlikely to suffer from being Trojaned.

2.Viruses
The other main category, viruses, can be embedded in data files. The highest risk comes where the data file is run through a system which includes a virtual execution engine, such as Flash or Adobe PDF. Those systems interpret the file as if it were a computer program, and may therefore perform actions which the user would consider harmful, including downloading and running other programs from the internet.

There is still a risk with data files that are not interpreted by a virtual execution engine, such as JPEG images. A carefully crafted JPEG file could exploit a programming bug in the JPEG codec installed on the machine, triggering a buffer overflow. Such exploits are then able to get the system to execute arbitrary machine code embedded in the fake JPEG. In really clever cases, the image will still decode more or less correctly so the user may not even realise there’s anything suspicious about it.

CCTV files
Exported CCTV video files could theoretically contain such embedded viruses – but consider where the CCTV video file came from, and who has handled it. The exported video has been generated by a CCTV system or DVR, operated by the owner or a Police Officer. If the exported video already has an embedded virus, then all owners of that particular make and model of DVR are at risk. This would by a very serious concern for any DVR manufacturer: their business would be at risk of failure should such a situation arise.

The CCTV system owner or the seizing police officer can presumably be trusted not to have introduced infection into the files – especially if the media containing the data is a write-once platform, such as recordable DVD. One answer is to not to go down the route of downloading manufacturers players but to use a single install of the universal CCTV viewer called SiraView. So how can we be confident of this and how does SiraView minimise infection by a virus?

Initial creation
First, all released builds of SiraView have been produced on a dedicated build server, running up-to-date anti-virus software, hosted in a secure environment. The probability of a virus being on our installers is minimal.

The SiraView installer (MSI) is cryptographically signed on the build server when it is created. If the file is tampered with subsequently, the signature will not match and Windows will not install the software. So you can be sure that the SiraView installer we deliver to you is virus-free at the point of delivery, and we would invite you to run your own virus scan in any case.

Installed software
Once SiraView is installed on your system, it is protected by Windows authentication. Only users with administrative privileges can access the installation folder and make changes. Normal user accounts will have read-only access. Therefore standard system administration best-practice protects against subsequent virus infection post installation. By taking these steps, we feel we have ruled out any real risk of trojan-based attacks.

SiraView decoders
Most of the SiraView Decoders have been written from first principles, but some do use standard built-in codecs, so there remains a theoretical risk of embedded viruses affecting your system, but this risk is orders of magnitude smaller than for trojan-based attacks.

Implementation
SiraView must of course access CCTV data, and this may be on a DVD presented to the system. We would recommend that your systems are configured not to run executable files from external sources (DVD, USB sticks, etc), and especially not to perform Autorun when a disk is inserted. These are standard IT security procedures to protect against external threats from all kinds of sources, and provide a huge measure of protection.

The final draconian step is of course to block access to any data on an external DVD drive. This will give you total protection, but you must balance this against your business needs.

We feel that blocking data execution from external devices, and carefully protecting network access to your system will provide the necessary measure of security, while still enabling useful functionality from the machine.

About Sira Defence and Security Ltd

Sira Defence and Security Ltd is part of Volvere plc, the listed support services and investment group. Sira works with the police and other law enforcement agencies in the UK and abroad. Its software products and services are centred on Sira’s core skills in optics and imaging.

SiraView was developed by Sira Defence and Security, with support from the police, to provide a standard user interface with the functionality required by most police officers. Sira has written its own software to do the decoding rather than producing a “wrapper” for the CCTV manufacturers’ proprietary software. This preserves the evidential quality of the CCTV – an important consideration for police use. As a result most officers can view footage direly on their PC rather than having to wait for the footage to be sent to a force laboratory for it to be viewed and put into a format that can be played on standard PCs or for roll out over force networks.

Related News

  • CCTV

    Stade des Alpes

    by Mark Rowe

    The Stade des Alpes is a rugby and football stadium in Grenoble, France with over 20,000 seats. It hosts two resident professional…

  • CCTV

    IFSEC in your hands

    by msecadm4921

    A savvy security professional knows that the future of security lies in their hands.  As a result, it is up to them…

  • CCTV

    Thermal camera range

    by Mark Rowe

    Hanwha Techwin Europe has added to its Wisenet T Thermal camera range three radiometric thermal models. Each has a temperature measurement feature.…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing