Raiden

Level 13
Verified
Content Creator
Any news?? Regards.
Well, they did say "months" in their response to the OP :p, but in all seriousness I don't think there has been any news since. I honestly do wish the absolute best for Zemana, I really do, but until I see something tangible (an actual release), to me it's just smoke and mirrors at this point. They have been promising releases and have always been saying it will be released soon, it will be released soon, so that at this point I don't think anyone believes them. I do think everyone wants them to succeed, but this is what happens when you don't come out and be honest and truthful with your customers. I know it may seem embarrassing to admit failures or major issues, but as in real life, people respect you more for being honest than for trying to pull the wool over their eyes.
 
Eddie Morra

Can someone ask them whether they fixed the vulnerable IOCTL in zam32/64.sys?

The vulnerability was present because anyone could connect as a user-mode client to the file system minifilter's communication port, and clients of the communication port were then treated as "trusted", so the IOCTL implementation could be abused to do something like open a handle to a privileged process (e.g. one with administrative rights, or running under the NT AUTHORITY\SYSTEM account), which could be abused for privilege escalation.

It's documented by the security researcher who found the vulnerability in MalwareFox Anti-Malware, which appears to be a re-brand of Zemana Anti-Malware, and it was the Zemana Anti-Malware kernel-mode software that was abused for the demonstrated attacks.

http://rce4fun.blogspot.com/2018/02/malwarefox-antimalware-zam64sys.html

Someone didn't read Microsoft's security guidelines for kernel-mode development:
Driver security checklist - Windows drivers
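The weakness described in the post above is that an unprivileged user-mode process could connect to the minifilter's communication port at all. The script below is an added example (not code from the post, the blog linked above, or Zemana) that checks exactly that from a non-elevated PowerShell prompt: it calls FilterConnectCommunicationPort from fltlib.dll, the documented user-mode API for connecting to a minifilter port, and reports whether the connection succeeds. The port name `\ExampleMinifilterPort` is an assumption and must be replaced with the real name of the port being tested; nothing here sends any message to the driver, it only opens and then closes the connection.

```powershell
# Added example: probe whether the CURRENT user can connect to a minifilter
# communication port. Run from a non-elevated prompt for a meaningful result.
# The port name is an ASSUMPTION for illustration; pass the real one via -PortName.
param([string]$PortName = '\ExampleMinifilterPort')

# fltlib.dll exports: documented signatures, imported via P/Invoke.
Add-Type -Namespace Flt -Name Native -MemberDefinition @'
[DllImport("fltlib.dll", CharSet = CharSet.Unicode)]
public static extern int FilterConnectCommunicationPort(
    string lpPortName, uint dwOptions, IntPtr lpContext, ushort wSizeOfContext,
    IntPtr lpSecurityAttributes, out IntPtr hPort);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

# Is this process elevated? If it is, a successful connect proves nothing,
# because a sane port DACL admits Administrators and SYSTEM anyway.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$hPort = [IntPtr]::Zero
$hr = [Flt.Native]::FilterConnectCommunicationPort(
    $PortName, 0, [IntPtr]::Zero, 0, [IntPtr]::Zero, [ref]$hPort)

# HRESULTs are signed 32-bit here; compare against the well-known values.
$E_ACCESSDENIED  = [int]0x80070005   # port DACL rejected this token
$E_FILE_NOT_FOUND = [int]0x80070002  # no such port (driver not loaded / wrong name)

if ($hr -eq 0) {
    [void][Flt.Native]::CloseHandle($hPort)
    if ($elevated) {
        "Connected to $PortName as an elevated user: expected, says nothing about the DACL."
    } else {
        "Connected to $PortName as a NON-elevated user ($($identity.Name)):"
        "any local user can reach this driver's message handler, which is the weak setting described above."
    }
} elseif ($hr -eq $E_ACCESSDENIED) {
    "Access denied connecting to $PortName as $($identity.Name): the port DACL restricts clients."
} elseif ($hr -eq $E_FILE_NOT_FOUND) {
    "No port named $PortName exists: check the name or whether the filter driver is loaded."
} else {
    "FilterConnectCommunicationPort failed with HRESULT 0x{0:X8}" -f $hr
}
```

A connect that succeeds from a standard user account is the symptom; the driver-side fix is to hand FltCreateCommunicationPort a security descriptor that admits only SYSTEM and Administrators (which is what FltBuildDefaultSecurityDescriptor produces by default) and, independently of the DACL, to validate every message in the port's message-notify routine rather than treating a connected client as trusted, since the two checks defend against different failures.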
 

Slyguy

Level 42
Verified
Zemana is a waste of time IMO. When my little test showed how their cloud system works, a series of distributed random PCs sitting in apartments spread across the world, I died a little inside. BUT the fact that I could see the exposed WAN IP on those devices, along with intimate details of each device, made me die even more inside.

It's dead. Put a fork in it.