Research shows antivirus products vulnerable to attack



    Posted: 19 Feb 2016

    A Google researcher has been reporting severe vulnerabilities in security suites from Kaspersky, Trend Micro, MalwareBytes, FireEye, AVG, ESET and now Comodo.

    Google security researcher Tavis Ormandy has long been a pain to vendors of commercial software with significant bugs, which is to say all vendors of all commercial software.

    Lately he has been on a tear finding truly shocking vulnerabilities in commercial Windows security suites, what most people call antivirus. The latest: "Comodo Internet Security installs and starts a VNC server by default," and does not restrict access to it. VNC is an open source remote control tool.

    In fact, Ormandy is not claiming to have found this particular feature, which has been reported many times before. The VNC server is part of Comodo GeekBuddy, a tech support tool which Ormandy accuses of "...a number of questionable and shady tactics to encourage users to pay for online tech support." The server allows for local privilege escalation...


    Read more: Research shows antivirus products vulnerable to attack | ZDNet
    Posted By: Brink
    19 Feb 2016


  1. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #1

    Corporate greed getting in the way of personal as well as corporate system security? Fortunately what I use here hasn't been tossed on the list so far. But it does show that these programs are not always so 100% as the claims are.


  2. Posts : 569
    Windows 10 Pro/Windows 7 Ultimate
       #2


    Well I use ESET, I find it mostly effective but there are going to be a few things that get through. What you have to start setting up are protections for patterns of behavior and there are ways to block the behavior with the app specifically in the web blocking section. You can block IP address ranges, I start with that then I set up a rule for certain processes to not allow connection to an external network. The thing about this Comodo attack, isn't that some kind of TeamViewer style remote connection? So it looks like somebody is piggybacking onto what a computer, a home computer might define as a safe process and allow.

    On the other hand I have found programs like Avira, Kaspersky, and especially Norton and McAfee to be wholly ineffective for the size of the programs and the amount of services they hijack from Windows, like the firewall service for instance, which is better as it is out of the box from Microsoft than it is after both Norton and McAfee have shredded it.


  3. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #3

    I had looked at ESET as well as Trend Micro while looking for the eventual replacement of the AVG free edition and not finding that to be what was actually needed along with trying out Comodo and a few others. Common sense is going to be found as the Number #1 success story out of all of them!

    None of these programs no matter how much you pay for them or how well they are rated will ever be 100% since new bugs are always just around the corner. So you have to look at how much bugs are spread or find their way onto your system. Emails from strange senders and the web in general as well as files being transferred and not scanned properly by flash drives and other removable media!

    Common sense dictates find a program or separate effective firewall utility as well as something that screens for bad sites! When you have a malicious code detection process in place you are alerted to potential risks while browsing the web. This is why you are now seeing "Internet Security" in the better featured versions of various av softwares since the more you pay the more protections are supposedly added into the program. Obviously some don't live up to their claims!

    With VIPRE Internet Security originally Sunbelt noted for their firewall apps was bought out by GFI and now linked with the ThreatTrack Security site seen at: http://www.sunbeltsecurity.com/Default.aspx still using the original Sunbelt site you have a continually updated database for malwares and known to be hostile sites where the av software will automatically refresh itself with. I'm sure Symantec (Norton Internet Security suite) as well as others have similar databases as well they maintain for their commercial customers. That's where the big money is generally found!


  4. Posts : 57
    Win10 Pro x64
       #4

    That issue with Comodo was resolved.
    Reporting issues like this article does only results in paranoid people afraid to use the security software they love. No matter where the security suite came from.
    The report should have finished with stating the fix has been released with these vendors.
    url below:
    "This Makes No Technical Sense"


  5. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #5

    Why doesn't that surprise me any? Typically blog writers rush to fill blog pages at the slightest inkling at something without digging further for all of the facts! A journalist on the other hand is a more thoroughly researched type of writer who takes a much deeper look at things and does his or her homework! And then you have "Garbage" reviews often tainted by some corporate suggestions? The "Make Us Look Good or Else!" takes the forefront there.


  6. Posts : 57
    Win10 Pro x64
       #6

    Additional proof from Google the issues are resolved:

    https://code.google.com/p/google-sec...ues/list?can=1
    Search for vendors, software or vulnerabilities (overflow, sandbox escape etc).

    Project Zero:
    https://googleprojectzero.blogspot.ca/2014/07/announcing-project-zero.html





  7. Posts : 85
    windows10 pro
       #7

    the fact there is nothing bullet-proof/fail-proof in computer security, is not false/wrong

    but again we can't be too paranoid either, or else just unplug your ethernet and be offline
    and in real-scenario, rather than vulnerabilities in software, usually it's user fault when it got infected with malware and such

    say even if software (either OS, AV or otherwise) have security-hole, it won't make things bad except you been targeted for exploit attack, and i don't think that what personal user have to worry about, even for company
    except your company big enough like SONY or APPLE etc.


  8. Posts : 3,367
    W10 Pro x64/W7 Ultimate x64 dual boot main - W11 Triple Boot Pending
       #8

    Well for the personal user not to have any worries is a bit understated when you consider the types of cyber crimes being seen have been on the increase which also includes identity theft along with credit information! You won't want someone using your identity to perpetrate some crime and you end up being the one who lands in prison!

    The typical malwares and viruses however are more or less aimed at causing havoc by disrupting a system's ability to function normally if not some ad bot or spybot, keylogger, etc. Many can even go unnoticed until you decide to try out a better program that is able to perform deeper scans and uncovers a bug you didn't know was there.

    With the av software here I have actually shut it down and then ran the installer on a download after releasing it from quarantine to find a Yahoo or Google toolbar option prechecked to install along with the freeware. If you decided on a paid program that is one thing you would expect it to be able to do!


  9. Posts : 5,442
    Windows 11 Home
       #9

    Any security software is a risk, because it does not run with admin rights, but with system rights.
    In other words, the more security software you have, the more exploitable your system gets.
    Vulnerabilities of security software are being sold on the black market for this very reason.
    Then again, chances of being targeted like that are slim, unless you are worth hacking.
    Last edited by TairikuOkami; 20 Feb 2016 at 10:52.


 
