Flaws found in security products from AVG, Symantec and McAfee Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
... and you breed in weakness..
It's a quote from the English adaptation of one of my all-time favorite Anime movies: Ghost in the Shell. And I can't help think that it applies here. Over the years anti-virus suites have expended to tremendously and also started entering fields where it became obvious that the company had no clue what they were doing (basically: they lacked experience). A classic example would be Avast which at one point introduced their Internet security suite. Unfortunately their firewall couldn't cope with many parallel connections, and if things got too much it could even crash your entire machine. It didn't take much: a custom Java application which I once wrote to control some other servers was sometimes enough when it sent multiple commands in a somewhat shorter time frame.
Of course things have changed and got improved over time. And sure: it is true that the amount of threats (and the diversity) has also changed and expanded over time. This isn't a clear right or wrong kind of scenario.
But I do think that some anti virus suites are overdoing things and making it much too complex. Right up to a point where it can even slow your whole computer down. While they still manage to also leave important aspects out. For example, personally I think that ad blockers should be right there on the list of security software, yet many companies seem to oppose that idea (gee, I wonder why...).
Decent points but Ghost in the Shell is what regular movies would look like if Tojo wasn't hung (nationalism run rampant). When bushido is more important than winning you do shit like run out of pilots because it would dishonor them to send them back to train. When your enemy doesn't have that problem the sun rises twice.
Humorously, we'll find that an OS with the latest patches available, web browser with downloads disabled, minimal acceptance of file types and email clients that only accept a minimum of file attachments will be about as safe as we can get for the next couple months... (RIP Bloated AV Suites)
Maybe time to start thinking about that mission specialized barebones *nix box if you don't already have one.
Smart TV's run OS's, web APIs and would not have the processing power to run AV suites, add on boxes too.
With the capability to browse the Internet and online streaming how can this ever more popular device be protected?
Some of the TV manufacturers have written their own versions of popular mobile OS's and from some of your comments on here I wonder how sloppy the coding might be.
I think it is safe to assume that any smart TV has so many exploitable holes that leaving it exposed to the internet, or using it to make any outgoing connections at all beyond well known sites like Netflix is the equivalent of browsing porn sites on a PC running Windows XP without service packs, with IE6 and Flash installed.
...will you get off your *nix high horse and realize this isn't an OS problem. Apparently, you're so stuck on *nix, you don't understand exactly what is going on here.
I'm not partial to one OS over the other, but realistically, I'd put the Windows OS up against *nix for memory hooking/corruption monitoring any day. So will any other penetration tester. So fuzz up your favorite *nix application, and if you look hard enough you'll like find somewhere you can stick a NOP sled and have it point to your favorite malicious code. The only thing keeping someone from taking advantage of it, is the very endpoint software you are so epically calling, "bloated".
...or stick to your barebones *nix OS and run your favorite application which does just a few things or was compiled in 1988.
I'm unfamiliar with the nitty-gritty of how anti-malware software receives its inputs, but it looks to me from that description that a root-kit author "simply" needs to impose itself between these hooks to give downstream apps a false sense of security.
This post has been deleted by its author
I would have thought the flaws were in the Windows API, but then again, what do I know as compared the combined intellectual capacity of IBM, Intel and Microsoft. Detours should have carried a health warning, something like: Detours is unsuitable for use in Internet facing security applications. but then again neither is Windows.
"Detours is a library for instrumenting arbitrary Win32 functions Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary."
How else is AV software supposed to function, since that is basically how they work, transparently intercepting system calls and running a pattern recognition engine on the executable in memory, in the hope of spotting something malicious.
You can not be serious.
Externally facing OSs has nothing to do with this vulnerability. Apparently, someone has an agenda, is blindly ignorant, or both! You think you can just see a Microsoft OS box, yell, "Weeee... I can take advantage of this vulnerability"?
There are many ways AV applications use to review code. Hooks during dynamic testing of the code is just one method. It's a little more complicated than just looking for a bunch of NOPs in memory.
I have no favorite OS. However, as a penetration tester I will say this... I have more success against externally facing *nix systems than I do externally facing Microsoft systems.
I work for European banks and we have the nix policy in place for a long time. There is no connection to the Internet and it is not needed - business/technical papers are available in the Intranet. Best thing is - it keeps employees from surfing the Web during work time. Of course there is no wireless accept the wireless smartphone the employee owns and there is of course no link to the mainframes or servers. Our bank application using a two phase authentication which is encrypted and which uses extra hardware plus a smart card which stores nothing. Trouble with fraud - nope.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
