Antivirus Is as Vulnerable as Any Other Product

Status
Not open for further replies.

samit

Level 12
Thread author
Verified
Nov 4, 2011
830
At the SyScan 360 security conference in Beijing, Koret provided a simple example, saying that “most antivirus engines update via HTTP only protocols.”

Relying on the man-in-the-middle (MitM) attack, “one can install new files and/or replace existing installation files,” which “often translates in completely owning the machine with the AV engine installed as updates are not commonly signed.”

The researcher provides a list with some vulnerabilities he found when testing his tools on reputed antivirus products. The results included heap overflows, remote vulnerabilities, integer overflows, local privilege escalation, as well as command injection possibilities.

The list of products with one or more of these glitches includes Avast, Bitdefender, Avira, AVG, Comodo, ClamAV, DrWeb, ESET, F-Prot, F-Secure, Panda, and eScan.
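
The update weakness quoted above (plain-HTTP delivery with no signature) is closed by verifying the update on the client, so the following Go code is an added example, not part of the thread or of any vendor's updater. The `Manifest` layout, `VerifyUpdate`, `Demo` and all sample data are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor (assumed layout, not a vendor format).
type Manifest struct {
	Version int    `json:"version"`
	SHA256  []byte `json:"sha256"`
}

// VerifyUpdate checks the signature with the pinned key before parsing anything,
// then rejects rollbacks and payloads whose hash differs from the signed manifest.
func VerifyUpdate(pinned ed25519.PublicKey, manifestJSON, sig, payload []byte, installed int) (*Manifest, error) {
	if !ed25519.Verify(pinned, manifestJSON, sig) {
		return nil, errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	if m.Version <= installed {
		return nil, errors.New("rollback or replay: version not newer")
	}
	sum := sha256.Sum256(payload)
	if !bytes.Equal(sum[:], m.SHA256) {
		return nil, errors.New("payload hash mismatch")
	}
	return &m, nil
}

// Demo verifies a constructed update, a payload replaced in transit, and a replay.
func Demo() (okErr, swapErr, replayErr error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key; a real client ships only pub
	payload := []byte("constructed signature database v42")
	sum := sha256.Sum256(payload)
	mj, _ := json.Marshal(Manifest{Version: 42, SHA256: sum[:]})
	sig := ed25519.Sign(priv, mj)
	_, okErr = VerifyUpdate(pub, mj, sig, payload, 41)
	_, swapErr = VerifyUpdate(pub, mj, sig, []byte("replaced in transit"), 41)
	_, replayErr = VerifyUpdate(pub, mj, sig, payload, 42)
	return
}
func main() { fmt.Println(Demo()) }
```

With these checks the transport no longer has to be trusted: a payload altered on the network fails the hash comparison, and an altered manifest fails signature verification.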
 
Deleted member 178

The list of products with one or more of these glitches includes Avast, Bitdefender, Avira, AVG, Comodo, ClamAV, DrWeb, ESET, F-Prot, F-Secure, Panda, and eScan.

lol, guess what? I am not affected :D
 

Littlebits

Retired Staff
May 3, 2011
3,893
Just because vulnerabilities exist doesn't mean they will be exploited.
Only a small percentage of vulnerabilities are actually exploited, mostly Java, Adobe Flash Player, outdated browsers and other popular software. AVs are usually not targeted by exploits.

Thanks. :D
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687

I was already aware of that as there have been a number of problems the last few months.
And that's OK as they have been fixed or they are about to be fixed.
Yet rest assured it's going to be a very hard ordeal for a hacker to get even to SEP, as there is a whole range of hardware security and software policies + a session-based master server.
If a hacker gets past that then by all means yourself out at a client PC that's running 100% in virtualization mode.
Keep in mind SEP only kicks into gear as the last line of defense, so really I am not worried and not affected.
 