Posted on 12/09/2015 8:09:52 PM PST by dayglored
Some of the biggest names in the security software business have been compromised by a serious flaw that could allow a hacker to use the commercial security code to infiltrate computers.
In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory for read, write, and execute (RWX) permissions in a predictable address that an attacker could use to inject code into a target system.
enSilo got in touch with AVG and the flaw was fixed within a couple of days. But the team then went through other security suites and found that McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were also vulnerable.
"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.
"Given that this is a repetitive coding issue amongst Anti-Virus - an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."
This isn't a theoretical attack vector. Google's in-house hacker Tavis Ormandy found a similar issue with Kaspersky and wrote a blog post detailing how to exploit the problem.
Given the possible widespread nature of the problem, enSilo has created a free checking utility called AVulnerabilityChecker and stuck it on Github for anyone to use. Intel, owner of McAfee, and Kaspersky have now fixed the issue, but users are advised to check that they have all the latest updates.
Free NSA back door in specially marked boxes!
Eset not mentioned and its faster too.
But but what about PC Matic that’s made Here in the USA?
Is AVG same as Avast?
No.
bkmk
We have PCMatic and we like it a lot.
The only problem is that I miss the cute blondes who used to advertise it.
Thanks for the ping. I’m gonna check my Kaspersky, but it should be up to date. I have Kaspersky Internet Security 2015, not Kaspersky Total Security 2015, but I’m gonna check anyway.
Hmmmmm ..?? I have not had any issues with Norton !! My system is working just fine.
Thanks to dayglored for posting and pinging.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Me, too. I have KIS 2015 also.
Hackers are not invading personal computers. The money is invading-hacking corporate computer systems. Small businesses.
I have McAfee on the work boxes. It doesn’t catch anything. Symantec sort of did once in a while.
I’ve had Norton on this computer since Day One (I’ve had it four years). Yesterday it seemed a little wonky so I ran Malwarebytes, and dang, if I hadn’t picked up PUP.Optimal.InstallCore.
Thanks to Malwarebytes directions, and two other cleaning programs later, I got all the damage off, but I am not a happy camper! I don’t download programs and thought I was careful when surfing but evidently not.
Used to go with AVG but switched to Windows Defender a few years ago and haven’t had an issue. I practice safe browsing and use the Avira Browser Safety plug-in with Chrome. My wife uses FireFox with the AVG Site Safety plugin.
Avira user here...and disconnected Defender - too many reports of so-so performance. Avira is relatively “light weight”, too.
If you’re using Windows, I highly recommend you use Windows Defender with the firewall or MS Security Essentials. They are designed to work in tandem with the OS, are a much smaller footprint than third-party AV, and they are updated regularly by MS updates.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.