Kaspersky & ActiveX Vulnerabilities

I thought anti-virus programs were supposed to keep your hard drive safe. But it turns out that Kaspersky is utilizing one of the same flawed technologies (ActiveX) that makes the Internet Explorer browser so unsafe to use. How ironic. And Kaspersky is supposed to provide the best security! The other irony is that with Internet Explorer, at least you can turn ActiveX off.

My understanding is that Norton's anti-virus program has improved to the point of being almost neck and neck with Kaspersky. Anyone disagree? Does Norton and the other top anti-virus programs also use ActiveX?? If they do, then I'd probably be better off to go ahead and use Kaspersky's risky ActiveX based software vs an anti-virus program that has inferior virus detection.

Also, could someone please supply a link to the most reputable site that tests/compares anti-virus programs?

Thanks in advance.

 

kav 6 mp2 has the activex components removed from the package. They were for a getsysteminformation tool which was used for support.

 

http://www.av-comparatives.org/

 

I would just like to point out that Firefox has no active X technology so rather than consider switching to other anti virus programs, why not just switch to Firefox? A lot of people have done just that for the issue you raise.

 

What do you mean by "mp2"?

Are you sure about this?

Flaws that existed "within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo" enabled malicious web scripts to download files from computers that were using KAV. And the Kaspersky web page on this topic indicates the only action taken to resolve the problem was the removal of some DLL's. So doesn't this indicate that ActiveX controls are still being utilized by their program?

I don't know much about ActiveX software, other than the fact that it's dangerous to use from a security standpoint. So maybe "ActiveX controls" consist of just DLL's, period? Is this what you're saying? And that by removing just the flawed DLL's, Kaspersky totally removed ActiveX software from their program?

http://www.kaspersky.com/technews?id=203038694
http://www.zerodayinitiative.com/advisories/ZDI-07-014.html

 

Thanks for the link.

 

I'm already using Firefox. The issue is that people who aren't willing to risk having ActiveX enabled on Internet Explorer are exposed to ActiveX security holes anyway, simply by using KAV.

But again, I don't know much about ActiveX controls. So maybe they consist entirely of DLL's, and thus Kaspersky eliminated ActiveX from their program simply by removing the DLL's. Plus, it's possible the program could only be exploited if users had ActiveX enabled on Internet Explorer. Meaning that Firefox users would not be exposed to any risks at all. Perhaps someone who is knowledgeable about ActiveX controls will see this thread and offer some clarification.

 

mp2 = maintenance pack 2
i believe its v 6.0.2.614

 

the dlls were removed, so no more activex files, they can't be used anymore.

 

According to some research I just did, ActiveX controls are small computer programs similar to Java applets. So they obviously consist of more than just DLL's. The Kaspersky site referenced above indicates the ActiveX exploits were due to flawed DLL's, which they subsequently removed. It doesn't state they weren't replaced.

I've never heard of software companies disabling part of a program just because of some insecure components. If they did, Windows XP wouldn't exist. So what makes you think the geniuses at Kaspersky would be unable to write some replacement DLL's? As based on what they've already accomplished with the KAV program, it's obvious they could do it in their sleep.

Are you merely assuming the KAV program no longer uses ActiveX technology, just because they didn't spell out that they installed some new DLL's when they removed the insecure ones? Or do you have some other information you aren't disclosing?

 

well indeed the dll's are deleted during installation - these are kaspersky dll's and not windows-related in any way.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504

as for the disabling components part, i didn't even know a "system information" page existed in kaspersky. as far as I'm concerned, its not exactly disabling a critical component - antivirus detection is obviously unaffected.

as for activeX, well not everyone has firefox + java -> both required for kaspersky's system info feature to work. And microsoft's java (java virtual machine) isn't exactly secure either.

The great thing kaspersky has over its competitors is its very fast response time - in terms of virus signatures and program support. As soon as it finds any vunerabilities, they are quickly working to patch it. Kaspersky has bugs just like any other antivirus vendor, including the mighty Symantec/Norton.

 

they remove the dlls that were using activex compeatly. they are/were not required for the function of the program, they were supplementary, for automatic gathering of some information used by support. they were simply removed and nothing put in their place.

 

Yes, the Kaspersky dll's were removed to get rid of ActiveX problems. If you'd like to try, development of a new getsysteminfo tool for online use only is in progress:

http://forum.kaspersky.com/index.php?showtopic=36444

This is a support function - when end users have a problem that needs some assistance from tech support to see PC parameters as plantextract has said.

 

Okay, lets assume the following is true: ActiveX controls were used in the previous version of KAV solely for the "getsysteminformation tool". And this tool was definitely not required for the program to function properly, according to plantextract.

If that's really the case, then it's very bad news, and it really shakes my confidence in KAV. Because I find it almost impossible to believe that a security software company like Kaspersky would not know how risky ActiveX software is.

And intentionally exposing their users to that degree of risk just for an inconsequential tool is mind boggling. As it not only demonstrates a gross disregard for the security of their users' data, it makes me wonder what else they're doing that can compromise my hard drive.

As I'm certainly not a security expert by any stretch of the imagination. So I have to depend on companies like Kaspersky to keep hackers out of my computer. And slipping ActiveX controls into their security software without disclosing it clearly falls under the category of "what in the world were they thinking!?" (You know, when smart people do extremely dumb things.)

Particularly since Internet Explorer's heavy reliance on ActiveX software is one of the reasons that millions of security conscious people have abandoned the browser. But after further evaluation of Norton's anti-virus program, I've concluded that KAV is "the lesser of two evils". Thus my computer will have to continue playing Russian roulette with this Russian program.

 

if you still dont trust kaspersky (although the issue has been fixed), dont use it... simple as that.
I'm still a Kaspersky user and am totally confident in it, as many other kaspersky users are.

 

I'd like to think most people who frequent this forum use a layered approach (i.e. multi-vendor) for their security (at least for Windows OSes). If paranoia still gets the upper hand, you can always run a live CD/DVD with the hard drive(s) unplugged.
No software is bullet-proof.

 

AlamoCity , you should ask your question on kaspersky forum for the best answer you can get from their developers and moderators :

http://forum.kaspersky.com

 

If I didn't use KAV, I would have to use an inferior program, that I also don't trust.

If it's true KAV no longer has any ActiveX controls in place, what's to prevent new ones from being added in the future? After all, Kaspersky exposed their customers to a well known security risk for a tool that wasn't even needed. Without disclosing it.

Suppose they came up with a great new ActiveX based feature that would give them a big competitive edge... would they use it? Without disclosing it? I don't see anything that would deter them. Because at least 200 different people have seen this thread. But yet I'm the only one who has made an issue out of ActiveX being used in a program that's supposed to protect you from exploits.

So apparently, other users don't care that KAV provided hackers with back doors into their hard drive. At least not enough to take ten seconds to post their complaint in this thread. And the reality is that if customers don't give software companies grief for exposing them to unnecessary risks, they'll keep doing it. Especially if it gives them an edge over their competition.

The facts are clear:

1) Kaspersky had to have known that ActiveX technology has a very bad reputation for being easily exploited. Yet they used it anyway. For an unnecessary tool.

2) Their ActiveX controls were in fact exploited. And the exploits were very serious. As they allowed hackers to download files from their customers' hard drives without leaving any tracks. Some of the people reading this could have had their confidential data compromised. Because the good guys are not the only ones who are constantly searching for security holes in KAV. For every researcher with good intentions, there's probably 100 hackers. So how many hackers discovered the back doors before they were reported?

3) A large percentage of websites are easy to hack into, as all it takes is a vulnerable script that hasn't been updated for a while. And hackers have tools that search the Internet for sites that have vulnerabilities of this nature. Once they've gained access, they can install malicious scripts to hack vulnerable visitors to the sites. And in most cases, the webmasters won't be aware of it if the hacker is keeping a low enough profile.

The point being that you don't have to go to "risky" websites to be hacked. Some of the sites you trust the most could be compromised right now. So having back doors in your anti-virus program clearly puts you at risk no matter where you go on the Internet.

4) According to plantextract, the removal of the offending DLL's is the only thing that has been done to lock the back doors in KAV. Is this enough? I don't think so. As every interested hacker in the world is now aware of these security holes. So what's to prevent them from using their thousands of compromised websites to load the three offending DLL's back onto computers?

As I believe most firewalls accept DLL's from websites by default. Meaning that the vast majority of users have no idea which websites are installing DLL's onto their hard drive at any given time. It's all done automatically.

Has Kaspersky added their own rogue DLL's to the list of nasty things KAV is watching out for? I'll be waiting to hear from plantextract on this, as he seems to have some inside information on this issue.

 

i would folow trhe sergestion by ulgy to post your question at the kaspersky forum.
the kaspersky forum is a good source of kaspersky infomation.
and you can even pm a kaspersky developer at the forums
lodore

 

There is no securuty issue with software using ActiveX for its own purposes.

The problem with IE is that IE allows other software to execute and that software mayhave naughty ActiveX,

 

Could you clarify this? Do you mean that in order for the KAV exploit to have worked, victims would have to be using IE, with ActiveX enabled?

 

The reason I haven't posted any questions on the Kaspersky forum is because the company ignored an email I sent them on this topic. So I don't have much confidence that a developer would respond to me. Besides, posting complaints on the forums of software companies doesn't give them much exposure. Thus there's less incentive for them to stop doing things they shouldn't be doing, such as slipping unsafe ActiveX controls in their security software without disclosing it.

Also, I prefer Wilders, since it's the best security forum in the world, and I'm sure Kaspersky has tech guys who hang around on this forum. So if they wanted to respond to this issue, they would. Meaning that I'm getting the same response here that I'd get on their forum.

 

Kaspersky techs do not have time for all posts (some more theoretical than others) in all the forums in this world, in fact it's pretty safe to say they do not post in any official capacity at all..........just like the techs of other vendors.

As for the:

Priceless.........you're good, i'll grant you that, but absolutely priceless!

 

I do not know the particulars of the "KAV exploit".

IE is exploited because IF ActiveX is enabled in IE, IE will let 3rd party ActiveX code execute, that's what does the damage.

Firefox just does not let ActiveX code execute, so no harm can be done.

 

Kaspersky developers or company representatives aren't the only ones posting on the Kaspersky forums, and the same goes here at Wilders.
You'd do better to include your posts there as well concerning Kaspersky products. Avoiding their public forum just because your email wasn't responded to by Kaspersky tells me your feelings were hurt.
Ulterior motives aside, it's looking more like the mouse avoiding the cat.