Posted on 12/09/2015 8:09:52 PM PST by dayglored
Some of the biggest names in the security software business have been compromised by a serious flaw that could allow a hacker to use the commercial security code to infiltrate computers.
In March, researchers at security firm enSilo found a serious flaw in popular free antivirus engine AVG Internet Security 2015. They found that the software was allocating memory with read, write, and execute (RWX) permissions at a predictable address that an attacker could use to inject code into a target system.
enSilo got in touch with AVG and the flaw was fixed within a couple of days. But the team then went through other security suites and found that McAfee VirusScan Enterprise version 8.8 and Kaspersky Total Security 2015 were also vulnerable.
"We'll continue updating this list as we receive more information," said Tomer Bitton, VP of research at enSilo, in a blog post.
"Given that this is a repetitive coding issue amongst Anti-Virus - an intrusive product, we believe that this vulnerability is also likely to appear in other intrusive products, non-security related, such as application-performing products."
This isn't a theoretical attack vector. Google's in-house hacker Tavis Ormandy found a similar issue with Kaspersky and wrote a blog post detailing how to exploit the problem.
Given the possible widespread nature of the problem, enSilo has created a free checking utility called AVulnerabilityChecker and stuck it on GitHub for anyone to use. Intel, owner of McAfee, and Kaspersky have now fixed the issue, but users are advised to check that they have all the latest updates.
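The pattern the article describes, an RWX region at the same address in every process, can be checked for from a defender's side. The sketch below is an added example, not code from the article, enSilo, or AVulnerabilityChecker. It assumes region records were already collected per process (for instance with a `VirtualQueryEx` walk); the sample PIDs and addresses are constructed.

```python
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40   # Windows memory-protection constant
MEM_COMMIT = 0x1000             # Windows region-state constant

# Constructed sample data: (pid, base_address, size, state, protect) tuples in the
# shape a VirtualQueryEx walk over each process would yield. Not real measurements.
SAMPLE_REGIONS = [
    (1204, 0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
    (1204, 0x00F30000, 0x2000, MEM_COMMIT, 0x04),   # PAGE_READWRITE
    (1204, 0x7FFA1000, 0x8000, MEM_COMMIT, 0x20),   # PAGE_EXECUTE_READ
    (3388, 0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
    (3388, 0x02B40000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),  # e.g. a JIT heap
    (4520, 0x5A000000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
    (4520, 0x01C70000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
]

def rwx_regions(regions):
    """Return {pid: set(base_address)} for committed regions mapped RWX."""
    found = defaultdict(set)
    for pid, base, _size, state, protect in regions:
        # The low byte holds the base protection; higher bits are modifiers
        # such as PAGE_GUARD, so mask them off before comparing.
        if state == MEM_COMMIT and (protect & 0xFF) == PAGE_EXECUTE_READWRITE:
            found[pid].add(base)
    return found

def predictable_rwx(regions, min_processes=2):
    """Return base addresses that are RWX in every sampled process.

    An RWX region that varies per process is still worth reviewing, but one
    at an identical address everywhere is the pattern the article describes.
    """
    pids = {r[0] for r in regions}
    if len(pids) < min_processes:
        return []   # one process cannot show that an address is constant
    per_pid = rwx_regions(regions)
    common = set.intersection(*(per_pid.get(pid, set()) for pid in pids))
    return sorted(common)

if __name__ == "__main__":
    for addr in predictable_rwx(SAMPLE_REGIONS):
        print(f"RWX at constant address 0x{addr:08X} in all sampled processes")
```
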
Yep, that's been my AV of choice for many years now, since Security Essentials appeared -- the earlier MS offering ("Giant"?) was pretty ineffective in tests.
On other people's personal boxes that I help set up, I often add MalwareBytes for good measure, figuring they probably aren't as paranoid as I am and are more likely to need it.
I prefer CCleaner to keep my systems clean, but I run a series of “sanitary” virtual systems for any browsing considered risky. Those systems are checkpointed and rolled back on shutdown, so I keep my vulnerability footprint small. Any APIs reaching out to the Internet for services (e.g. Azure/Amazon) are either hosted on Linux or on hardened Windows servers.
I’ve not used actual anti-virus on my systems in several years. It’s really unnecessary if you take the proper precautions.
Do you have the newest version of Norton ..??
The reason I ask is that I’ve had attempts made to load Trojans and malware, but Norton has always caught it and stopped it from happening.
Do you run LiveUpdate EVERY DAY ..?? I do; it’s the first thing I do when I log on. I have found lately that there have been 7-8 updates several days in a row. Without LiveUpdate, you won’t be protected.
It’s so easy; I have a small icon for it on my task bar, and I just click to load the window which checks for any updates. I get the icon from the “Programs” listed from “Start” .. and it shows several items under Norton, and there is a specific one for LiveUpdate, so I just pin it to my task bar. Simple. It reminds me every day to use it.
After I posted that, I checked and mine had automatically updated one hour previously.
I used to use AVG, tried Kaspersky and settled on Avast. So far it has been stellar. It works well together with Online Armor.
That’s exactly what I use. Windows Defender, MalwareBytes, and the MalwareBytes Anti-Exploit.
I just checked my settings and I have automatic LiveUpdate which is supposed to download product updates and definition updates every hour you are connected to the internet.
And prior to this malware, I never thought I had a problem so I don’t know what went wrong. It’s fixed now, though.
Thanks