CMLew

Level 23
Verified
Comments? :)

Security researchers are worried that critical vulnerabilities in antivirus products are too easy to find and exploit


Imagine getting a call from your company's IT department telling you your workstation has been compromised and you should stop what you're doing immediately. You're stumped: You went through the company's security training and you're sure you didn't open any suspicious email attachments or click on any bad links; you know that your company has a solid patching policy and the software on your computer is up to date; you're also not the type of employee who visits non-work-related websites while on the job. So, how did this happen?

A few days later, an unexpected answer comes down from the security firm that your company hired to investigate the incident: Hackers got in by exploiting a flaw in the corporate antivirus program installed on your computer, the same program that's supposed to protect it from attacks. And all it took was for attackers to send you an email message that you didn't even open.

This scenario might sound far-fetched, but it's not. According to vulnerability researchers who have analyzed antivirus programs in the past, such attacks are quite likely, and may already have occurred. Some of them have tried to sound the alarm about the ease of finding and exploiting critical flaws in endpoint antivirus products for years.

Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications.

Exploiting some of those vulnerabilities required no user interaction and could have allowed the creation of computer worms -- self-propagating malware programs. In many cases, attackers would have only needed to send specially crafted email messages to potential victims, to inject malicious code into legitimate websites visited by them, or to plug in USB drives with malformed files into their computers.

(continue........)
 

DracusNarcrym

Level 19
Verified
If users who care about their endpoints can drop primitive signature-based security solutions in favor of more powerful modern ones, so can companies.

There is already a wide range of alternative security technologies rising (sandboxing, full system virtualization, dynamic behavior analysis, emulation, HIPS, anti-executable software, etc) which can in many ways surpass the security level of any major signature-based security solution.

It's about time new security technology was acknowledged and adopted by enterprises, and this piece of news should be all the more encouraging for them to remove their antiviruses and finally equip themselves with solutions that offer far more advanced protection.

No one of course can suggest that an antivirus cannot still be used as an optional supplement to the new alternative mainline security layers, however that is a different and rather trivial matter to discuss. :p
 
Last edited:

DracusNarcrym

Level 19
Verified
No wonder the news looks bit familiar......
True, also sometimes news are published across news companies as waves of "trending matters" so you get this "buzz" when reading the same things over and over, everywhere. :D

It is even more noticeable when it comes to something as crucial as enterprise cybersecurity.
 

Soulweave

Moderator
Verified
Content Creator
Staff member
Same old argument as before, nothing new.

If a company chooses to have half of the protection, its their fault.

Unlike home users, companies should employ as much security as possible and sadly not all companies do that due to costs, i.e running an older version of Endpoint protection, failing to apply encryption to virtual hard drives across the network, failure to properly include measures to minimize risk of leakage should a vulnerability be abused, failure to fully control what an user is allowed to surf on the web and the list goes on.

This problem existed way belong one can imagine, yet they write again the same concerns.

Most likely will cause some user alert but again, how many companies actually surf the web to dig such articles?
 
L

LabZero

As @hjlbx said

Joxean Koret is a security expert and researcher at the company COSEINC and he said that exist vulnerability of some of the leading antivirus software.

Those that use the same engine or kernel, designed by BitDefender which is present in products such as G-Data, eScan and F-Secure.
Remember that antivirus software is running inside a system with maximum privileges to allow carrying out steps to detect any threat.
Admin privileges could allow an attacker to perform various types of attacks.
Some of the vulnerabilities are remotely exploitable, that means without our knowledge an attacker could take full possession of our PC.
Among the main flaws discovered by researcher include buffer overflow and privilege escalation that allow an attacker to execute malicious code with elevated privileges on the attacked machine.

Now, this is not a news...but despite these vulnerabilities were known by the experts, Joxean posted them, making known to all of us.

All this to say that we must be aware that antivirus software, like any other code, may be suffering from exploitable vulnerabilities to compromise our systems.
 
Last edited by a moderator:

jamescv7

Level 85
Verified
Trusted
Not a surprise article, cause antivirus nowadays doesn't concentrate much on those vulnerabilities unless its totally sever and which why many organization have tested that some are not yet fully fix about those possible danger. Go to the straightforward concept that both active on developments and patches instead.
 
Top