Wilders Security Forums  

  #26  
July 10th, 2008, 07:45 AM
kwismer
Frequent Poster
Join Date: Jan 2008
Posts: 240
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by MrBrian
Quote:
Originally Posted by kwismer
should i post a url to the blog post i did on them back in november of last year?
Can you please? This was the first I had heard of them.

ok, the post in question is defense in depth revisited, though i've since posted again about the very same announcement this thread is about...

i basically think their figures are FUD, they don't make sense, they don't match up with those of independent organizations, and nruns is anything but independent (making av products look bad drives demand for their own product)...
  #27  
July 10th, 2008, 10:55 PM
Arup
Posts: n/a
Re: Approximately 800 vulnerabilities discovered in antivirus products

If this article had even 50% relevance then all of us would be running systems full of malware, Trojans and viruses. So far that's not basically the case, there are infected systems out there but not in the sense which the article is trying to relate to.
  #28  
July 11th, 2008, 12:24 AM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by kwismer
ok, the post in question is defense in depth revisited, though i've since posted again about the very same announcement this thread is about...

Thank you. You have some nice blog entries there.

My own take on this is that at least some of these claimed vulnerabilities do exist, but I'm not going to lose sleep over it unless exploits targeting AV become more common.
  #29  
July 12th, 2008, 11:22 AM
emperordarius
Very Frequent Poster
Join Date: Apr 2008
Location: Who cares
Posts: 1,218
Re: Approximately 800 vulnerabilities discovered in antivirus products

Every piece of software can have vulnerabilities. Even security software. Perfect programming is not possible.
  #30  
July 24th, 2008, 12:10 AM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

McAfee responds to n.runs, n.runs responds to McAfee's response
  #31  
July 28th, 2008, 07:22 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by MrBrian
If you have your antivirus set to scan all files, it might detect poisoned files that would result in buffer overflow exploits in other programs. Also, antivirus can scan for malicious scripts.
Can you offer any specifics here for clarification?
  #32  
July 28th, 2008, 07:49 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by Dogbiscuit
Can you offer any specifics here for clarification?

I'll give an example of the detection of a poisoned data file. When I did the test explained at http://forums.comodo.com/feedbackcom...html;msg165810, my real-time antivirus detected the poisoned .pls file that was generated.
  #33  
July 28th, 2008, 08:08 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

According to the example, had your AV not detected the data file as containing malicious code and Winamp processed the .pls file, could the admin account of your system have been compromised even if running as LUA+SRP? Or would the user account have been compromised only?
  #34  
July 28th, 2008, 08:19 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

With DEP compatible applications and Vista (w/ASLR, etc.), wouldn't this eliminate the need for this aspect of an AV's protection in restricted accounts?
  #35  
July 28th, 2008, 09:46 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by Dogbiscuit
According to the example, had your AV not detected the data file as containing malicious code and Winamp processed the .pls file, could the admin account of your system have been compromised even if running as LUA+SRP? Or would the user account have been compromised only?

If a privilege escalation exploit were available and used within the initial buffer overflow exploit code, then yes it could compromise the system even with LUA+SRP. Whether this has ever actually happened in practice, maybe somebody else can address.

Quote:
Originally Posted by Dogbiscuit
With DEP compatible applications and Vista (w/ASLR, etc.), wouldn't this eliminate the need for this aspect of an AV's protection in restricted accounts?

IMHO no, because many 3rd-party programs don't use these technologies. IE 7 also has DEP off by default.
  #36  
July 28th, 2008, 09:57 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

Thanks for your explanations.
  #37  
July 28th, 2008, 10:01 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by Dogbiscuit
Thanks for your explanations.

You're welcome.

I also forgot to mention that even if your other security measures protect you from harm, a positive AV detection can prevent you from passing potentially harmful files to others who might not employ the same security measures as you do.
  #38  
July 28th, 2008, 10:11 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

Good point about not passing on infected files to others.

So maybe someday when all the Vista applications that someone uses are DEP aware and enabled, then buffer overflow exploits will no longer be a serious problem?
  #39  
July 28th, 2008, 10:31 PM
MrBrian
Very Frequent Poster
Join Date: Feb 2008
Posts: 2,925
Re: Approximately 800 vulnerabilities discovered in antivirus products

Quote:
Originally Posted by Dogbiscuit
Good point about not passing on infected files to others.

So maybe someday when all the Vista applications that someone uses are DEP aware and enabled, then buffer overflow exploits will no longer be a serious problem?

To avoid going off topic, perhaps read this buffer overflow thread and post there if you have questions. Post #119 there has links that contain a lot of related info.
  #40  
July 28th, 2008, 11:02 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 640
Re: Approximately 800 vulnerabilities discovered in antivirus products

Thanks.
 

All times are GMT -4.
Copyright ©2002 - 2013, Wilders Security Forums