
Antivirus/antimalware could make you more vulnerable.


35 replies to this topic

#1 SuperSapien64


Posted 10 January 2016 - 03:43 AM

I just came across this story about how antivirus/antimalware can be hacked/exploited. They do this by exploiting flaws in the software, and since AV/AM have elevated privileges, once hacked they have control over the entire system. But fortunately these types of attacks only affect enterprise/corporate currently. http://www.pcworld.com/article/3020327/antivirus-software-could-make-your-company-more-vulnerable.html





#2 Sintharius


Posted 10 January 2016 - 07:35 AM

IMO it's not a reason not to use AV and AM, as the risk of getting compromised by your AV via specialized malware is lower than the risk of being compromised by ordinary malware in the absence of AV protection - especially in consumer settings.

#3 quietman7


Posted 10 January 2016 - 07:56 AM

> Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.

Malwarebytes is not an antivirus program but the writer lumps it into that grouping.

> Antivirus vendors don't seem too concerned about the potential for widespread attacks against their consumer products. For the most part, researchers agree that such attacks are unlikely for now because typical cybercriminal gangs have other, more popular, targets to attack such as Flash Player, Java, Silverlight, Internet Explorer or Microsoft Office.

Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than proof-of-concept viruses. Social engineering has become one of the most prolific tactics for distribution of malware, identity theft and fraud.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 SuperSapien64


Posted 10 January 2016 - 11:34 PM

> IMO it's not a reason not to use AV and AM, as the risk of getting compromised by your AV via specialized malware is lower than the risk of being compromised by ordinary malware in the absence of AV protection - especially in consumer settings.

Agreed, but if the AV companies don't take action soon then down the road more servers could be compromised, but currently blackhats are focused on other ways to infect systems.

> > Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.
>
> Malwarebytes is not an antivirus program but the writer lumps it into that grouping.

I know that MBAM isn't an AV but it is a security app. (A very good one in fact)

> > Antivirus vendors don't seem too concerned about the potential for widespread attacks against their consumer products. For the most part, researchers agree that such attacks are unlikely for now because typical cybercriminal gangs have other, more popular, targets to attack such as Flash Player, Java, Silverlight, Internet Explorer or Microsoft Office.
>
> Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than proof-of-concept viruses. Social engineering has become one of the most prolific tactics for distribution of malware, identity theft and fraud.

True but these vulnerabilities shouldn't be ignored.



#5 quietman7


Posted 11 January 2016 - 08:54 AM

> > > Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.
> >
> > Malwarebytes is not an antivirus program but the writer lumps it into that grouping.
>
> I know that MBAM isn't an AV but it is a security app. (A very good one in fact)

That comment was directed toward the writer of the article placing Malwarebytes in with antivirus software...not you.

#6 Didier Stevens


Posted 11 January 2016 - 05:22 PM

> But fortunately these types of attacks only affect enterprise/corporate currently.

 

Consumer AV is vulnerable too. Same bugs.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 bleebingjunior


Posted 12 January 2016 - 08:30 PM

HitmanPro 3 - Second Opinion Malware Scanner

herdProtect Anti-Malware Scanner is a fast and free Windows desktop program which detects malicious threats, spyware and adware by utilizing 68 industry anti-malware scanners. It has no impact on your system resources and uses the herdProtect cloud-based scanning engine. The scanner is a second line of defense and is designed to work perfectly with your existing anti-virus software (we highly recommend you use another anti-malware product with herdProtect). Best of all, it's FREE.



#8 quietman7


Posted 12 January 2016 - 08:59 PM

> HitmanPro 3 - Second Opinion Malware Scanner
> herdProtect Anti-Malware Scanner is a fast and free Windows desktop program which detects malicious threats, spyware and adware by utilizing 68 industry anti-malware scanners. It has no impact on your system resources and uses the herdProtect cloud-based scanning engine. The scanner is a second line of defense and is designed to work perfectly with your existing anti-virus software (we highly recommend you use another anti-malware product with herdProtect). Best of all, it's FREE.

I do not understand your posting as it has nothing to do with the topic discussion.

#9 bleebingjunior


Posted 12 January 2016 - 09:00 PM

Sorry, I mean always use Second Opinion Malware Scanners; don't just trust your AV.



#10 quietman7


Posted 12 January 2016 - 09:21 PM

It is not a matter of trust as everyone should be using anti-malware solutions to supplement their anti-virus because each looks for different things but that is a topic for another discussion.

#11 Didier Stevens


Posted 13 January 2016 - 01:37 PM

Following the logic of the article linked to by SuperSapien64, one could argue that a second AV makes you even more vulnerable.


Edited by Didier Stevens, 13 January 2016 - 01:37 PM.



#12 quietman7


Posted 13 January 2016 - 02:58 PM

:whistle:

#13 Guest_GNULINUX_*


Posted 13 January 2016 - 03:06 PM

From 2014, just for understanding the problem an AV/AM (or any program) can give: Very interesting PDF.
 
I don't agree or disagree with the author, I just found it a good read!  :wink:
 
Greets!



#14 SuperSapien64


Posted 13 January 2016 - 09:19 PM

 

> > But fortunately these types of attacks only affect enterprise/corporate currently.
>
> Consumer AV is vulnerable too. Same bugs.

Well obviously, but the average consumer doesn't need to worry about this type of exploit. And it hasn't been proven that any hackers have officially used these exploits in the wild yet, although the biggest target would be Enterprise/Corporate.

> From 2014, just for understanding the problem an AV/AM (or any program) can give: Very interesting PDF.
>
> I don't agree or disagree with the author, I just found it a good read!  :wink:
>
> Greets!

Same :) , that's why I wanted to share this story.



#15 Didier Stevens


Posted 14 January 2016 - 07:24 AM

 

> ... hackers have officially used these exploits ...

What do you mean by officially?

