back to article Kernel sanders: Webroot vuln creates route to root Macs

Details of a locally exploitable but kernel-level flaw in Webroot's SecureAnywhere macOS security software were revealed yesterday, months after the bug was patched. panic Webroot antivirus goes bananas, starts trashing Windows system files READ MORE The fact that the memory corruption bug (CVE-2018-16962) is locally …

Silver badge

Asking for trouble

Who thought calling it "SecureAnywhere" was a good idea?

3
2

Re: Asking for trouble

Simple typo - they just missed the question mark at the end...

2
0
Anonymous Coward

WebRooted (and others)

A friend of mine sent me a screenshot of her Windows PC popping up low memory warnings.

Using the time stamp of the screenshot she had sent made it very easy to locate the low memory problems in Windows Event Viewer that showed her newly installed "PC-Matic" AV program was causing the low memory issue whenever she was logged on to her Gmail account on Chrome's web browser..

The "PC-Matic" control panel looked extremely cheesie and reminded me of those fake AV programs that would throw false positives and extort money from users to remove non-existent viruses.

I had never heard of the program but my friend said it was heavily advertised on TV and radio.

Process Explorer uploaded SHA sums of running processes to VirusTotal and a couple of the AV engines were flagging this PC-Matic as suspicious which I found comical.

I also noticed another running process that was related to WebRoot even though my friend said she had uninstalled WebRoot long ago.

WebRoot wasn't listed in the list of programs in Windows Control Panel.

I found an executable for WebRoot stll running and logging everything being done on the PC.

I found other users of WebRoot online that were having trouble removing the program as well and even if users go through the Captcha-like process of entering the Captcha code to uninstall WebRoot there will still be running processes unless the user runs an elevated command on CMD.exe.

There were also remnants of the usual suspects in the Windows registry for Avast, AVG and of course McAfee.

You can add me to the list of people that have been warning users to "Kill your antivirus, maybe keep Windows Defender".

What alerted me of these so-called "security" companies years ago was when I received a fake virus warning on my Android phone that linked to a dodgy "Antivirus/Cleaner" app on the Google Play store.

After the horrible experience I had with Google's representatives on the issue I was forced to take matters into my own hands and had to learn how to protect myself and others.

What I discovered about the apps that I had installed on my own device forever changed my beliefs about all these so-called "security" companies.

The recent article about TrendMicro's apps is only the tip of the iceberg and actually very mild compared to what I've seen.

3
2
Silver badge

GCHQ IC Enterprises Bods Ringing NSA Belles and Pleasure Robots

That is a Serious Systemic Compromise. And Novel Portal for Further Exploitation and Virtual Exploration.

And Quite Perfect for the likes of a DARPA "AI Next" Campaign .... https://www.darpa.mil/news-events/2018-09-07

You're very welcome to try and Trump that for an Astonishing Leading Role.

I trust you are Archiving Novel Virtual Directions for Future Travel, El Reg. Amassing a Compendium of Greater IntelAIgent Games to Play with Global Operating Devices in Remote Command of Virtual Control. And that is Absolutely an Almighty Source with Overpowering Forces at Instant Beck and Call.

I wonder what would be a Wise Angel Investment Granting Entry into Earthly Asset Command and Control Systems for Future Applications and Current Running Presentations .... Media Replayed Realities.

Paint a Bigger Better Picture with New Deeds Done and Thoughts Shared Today are Realised for Tomorrow. Done well, IT has a Sublime Existence.

Thoughts there Congregate around Chatter of Transubstantiation. Heap Powerful Medicine, Kemo Sabe.:-)

1
1
Silver badge
Coat

Re: GCHQ IC Enterprises Bods Ringing NSA Belles and Pleasure Robots

OK, throw me a bone here. I went through this post and removed all lower case letters and it still doesn't make sense. Anagram solvers simply buckled under the load. What could I be missing?

TSSCANPFEVEAQPDARPAAINCYTALRIANVDFTERACGIAIGPGODRCVCAAASOFIBCIWAIGEEACCSFACRPMRRPBBPNDDTSTRTDITSETCCTHPMKS

0
0
Silver badge

Re: GCHQ IC Enterprises Bods Ringing NSA Belles and Pleasure Robots

OK, throw me a bone here. I went through this post and removed all lower case letters and it still doesn't make sense. Anagram solvers simply buckled under the load. What could I be missing? .... Robert Helpmann

A few extra unlocking key words which be assumed and presumed private sensitive proprietary intellectual property and/but kept strictly need to be known is a great place to start, RH.

The bigger question here though, which if not well answered by that which you can surely only just imagine to be supplying Great British Intelligence Service, is how to counter and lead the direction of what is patently still a relatively unknown unknown before it becomes overwhelmingly mainstream and almighty powerful ........ Rapidly Rogue and Rabidly Renegade :-)

And what you can be absolutely certain of is that isn't going to be much fun for a whole heap of dodgy systems and exclusive elite executive administrations .... but it is surely what they deserve.?!

1
0

Re: GCHQ IC Enterprises Bods Ringing NSA Belles and Pleasure Robots

Pardon?

0
0
Silver badge

There seems to be an epidemic lately

Of "security" software on Apple platforms that is a bigger threat than the malware they claim to protect you from.

0
0

Re: There seems to be an epidemic lately

Still no antivirus software required, though. Fnaaar, fnaaar.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018