From the link, it looks like just about every AV firm got hit with this. See icon...
Flaws found in security products from AVG, Symantec and McAfee
Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
COMMENTS
-
Wednesday 20th July 2016 04:23 GMT Anonymous Coward
Overspecialize...
... and you breed in weakness..
It's a quote from the English adaptation of one of my all-time favorite Anime movies: Ghost in the Shell. And I can't help thinking that it applies here. Over the years anti-virus suites have expanded tremendously and also started entering fields where it became obvious that the company had no clue what they were doing (basically: they lacked experience). A classic example would be Avast, which at one point introduced their Internet security suite. Unfortunately their firewall couldn't cope with many parallel connections, and if things got too much it could even crash your entire machine. It didn't take much: a custom Java application which I once wrote to control some other servers was sometimes enough when it sent multiple commands in a somewhat shorter time frame.
Of course things have changed and improved over time. And sure: it is true that the amount of threats (and the diversity) has also changed and expanded over time. This isn't a clear right or wrong kind of scenario.
But I do think that some anti-virus suites are overdoing things and making it much too complex, right up to a point where it can even slow your whole computer down, while they still manage to leave important aspects out. For example, personally I think that ad blockers should be right there on the list of security software, yet many companies seem to oppose that idea (gee, I wonder why...).
-
Wednesday 20th July 2016 05:33 GMT Anonymous Coward
Re: Overspecialize...
Decent points, but Ghost in the Shell is what regular movies would look like if Tojo wasn't hanged (nationalism run rampant). When bushido is more important than winning you do shit like run out of pilots because it would dishonor them to send them back to train. When your enemy doesn't have that problem the sun rises twice.
-
-
Wednesday 20th July 2016 04:52 GMT gollux
AT WHICH POINT...
Humorously, we'll find that an OS with the latest patches available, web browser with downloads disabled, minimal acceptance of file types and email clients that only accept a minimum of file attachments will be about as safe as we can get for the next couple months... (RIP Bloated AV Suites)
Maybe time to start thinking about that mission specialized barebones *nix box if you don't already have one.
-
Wednesday 20th July 2016 06:13 GMT Baldy50
Re: AT WHICH POINT...
Smart TVs run OSs and web APIs and would not have the processing power to run AV suites; add-on boxes too.
With the capability to browse the Internet and stream online, how can this ever more popular device be protected?
Some of the TV manufacturers have written their own versions of popular mobile OSs, and from some of your comments on here I wonder how sloppy the coding might be.
-
Wednesday 20th July 2016 06:56 GMT Anonymous Coward
Re: AT WHICH POINT...
I think it is safe to assume that any smart TV has so many exploitable holes that leaving it exposed to the Internet, or using it to make any outgoing connections at all beyond well-known sites like Netflix, is the equivalent of browsing porn sites on a PC running Windows XP without service packs, with IE6 and Flash installed.
-
-
Wednesday 20th July 2016 15:08 GMT Aodhhan
Re: AT WHICH POINT...
...will you get off your *nix high horse and realize this isn't an OS problem. Apparently, you're so stuck on *nix, you don't understand exactly what is going on here.
I'm not partial to one OS over the other, but realistically, I'd put the Windows OS up against *nix for memory hooking/corruption monitoring any day. So will any other penetration tester. So fuzz up your favorite *nix application, and if you look hard enough you'll likely find somewhere you can stick a NOP sled and have it point to your favorite malicious code. The only thing keeping someone from taking advantage of it is the very endpoint software you are so epically calling "bloated".
...or stick to your barebones *nix OS and run your favorite application which does just a few things or was compiled in 1988.
-
-
Wednesday 20th July 2016 05:56 GMT Ken Moorhouse
"re-routing Win32 APIs underneath applications"
I'm unfamiliar with the nitty-gritty of how anti-malware software receives its inputs, but it looks to me from that description that a rootkit author "simply" needs to impose itself between these hooks to give downstream apps a false sense of security.
-
-
Wednesday 20th July 2016 11:44 GMT Anonymous Coward
Flaws found in Windows API
I would have thought the flaws were in the Windows API, but then again, what do I know as compared to the combined intellectual capacity of IBM, Intel and Microsoft. Detours should have carried a health warning, something like: "Detours is unsuitable for use in Internet-facing security applications." But then again, neither is Windows.
"Detours is a library for instrumenting arbitrary Win32 functions on Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary."
How else is AV software supposed to function? That is basically how it works: transparently intercepting system calls and running a pattern recognition engine on the executable in memory, in the hope of spotting something malicious.
-
Wednesday 20th July 2016 15:27 GMT Aodhhan
Re: Flaws found in Windows API
You cannot be serious.
Externally facing OSs have nothing to do with this vulnerability. Apparently, someone has an agenda, is blindly ignorant, or both! You think you can just see a Microsoft OS box and yell, "Weeee... I can take advantage of this vulnerability"?
There are many ways AV applications use to review code. Hooking during dynamic testing of the code is just one method. It's a little more complicated than just looking for a bunch of NOPs in memory.
I have no favorite OS. However, as a penetration tester I will say this: I have more success against externally facing *nix systems than I do against externally facing Microsoft systems.
-
Thursday 21st July 2016 07:19 GMT gmathol
Re: Flaws found in Windows API
I work for European banks and we have had the *nix policy in place for a long time. There is no connection to the Internet and it is not needed; business/technical papers are available on the Intranet. Best thing is, it keeps employees from surfing the Web during work time. Of course there is no wireless except the wireless smartphone the employee owns, and there is of course no link to the mainframes or servers. Our bank application uses two-phase authentication which is encrypted and which uses extra hardware plus a smart card which stores nothing. Trouble with fraud? Nope.
-
-