To Customer Support To Customer Support

Security wares like Kaspersky AV can make you more vulnerable to attacks

  • 24 September 2015
  • 5 replies
  • 292 views
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54

Products often open computers to hacks they otherwise wouldn't be vulnerable to.

by Dan Goodin (US) - Sep 23, 2015
 
                         http://cdn.arstechnica.net/wp-content/uploads/sites/3/2015/09/kaspersky-av-exploit-640x363.png
 
Antivirus applications and other security software are supposed to make users more secure, but a growing body of research shows that in some cases, they can open people to hacks they otherwise wouldn't be vulnerable to.
 
The latest example is antivirus and security software from Kaspersky Lab. Tavis Ormandy, a member of Google's Project Zero vulnerability research team, recently analyzed the widely used programs and quickly found a raft of easy-to-exploit bugs that made it possible to remotely execute malicious code on the underlying computers. Kaspersky has already fixed many of the bugs and is in the process of repairing the remaining ones. In a blog post published Tuesday, he said it's likely he's not the only one to know of such game-over vulnerabilities.
 
Full Article

5 replies

R
Rank
Userlevel 7
Good article, buy quite disturbing in reference to AV software. How many more are vulerable to attacks that we don't know about.

   
Jasper_The_Rasper
Rank
Userlevel 7
Badge +54
Max MetzgerSeptember 30, 2015A security researcher at Google has discovered more zero-day exploits in Kaspersky's anti-virus software.
 
Tavis Omandy, the security researcher, discovered several vulnerabilities. One involved a security measure Kaspersky had used to randomise memory allocation so hackers could not so easily exploit their location. Unfortunately, the memory allocation was not random and Omandy effectively used a Windows DLL file, used to allow programs to share resources, to effectively execute an attack.
 
Full Article
R
Rank
Userlevel 7
Just goes to show you Kaspersky's anti-virus software is not the best in
my opinion, there customers should be aware of this problem and switch
to the best which is Webroot.
Dermot7
Rank
Userlevel 7
Badge +3
 
A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself.
Google Project Zero security researcher Tavis Ormandy is on a roll these days, finding zero-day exploits in the same Kaspersky antivirus in early September, and then another one in the Avast antivirus just the past week.    
 
    http://news.softpedia.com/news/vulnerability-open-to-abuse-fixed-in-kaspersky-internet-security-antivirus-494280.shtml
Baldrick
Rank
Userlevel 7
Nice article...just goes to show that one can never be too complacent about things and that even the 'big boys' are vulnerable/not perfect in everything they do.
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.