Symantec tells customers to disable pcAnywhere software

Discussion in 'other security issues & news' started by ronjor, Jan 25, 2012.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Roger that, Ron. I am on the latest version now, 12.5 build 486 (SP3), and have applied the hotfix that I linked to above. All seems well. Just wanted to be sure I was fully patched.

    Thanks.
     
  2. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    You can see the vulnerabilities of other closed source security products here...
    http://www.securiteam.com/products/

    It seems like security products are coded more securely, relatively speaking, with fewer bugs compared to the so-called low-hanging fruit like browsers, Adobe products, etc.

    VMware has even more vulnerabilities as compared to AV's and other security products. They are all now patched of course.

    Malware most often only bypasses the AVs and is not delivered by exploiting the latter's vulnerabilities.
     
    Last edited: Feb 3, 2012
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    How are these collected/ found?
     
  4. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Whitehats or greyhats found these vulnerabilities and then reported them to the vendors. Or even their in-house coders would find so-called bugs or investigate bugs found by the blackhats. And the vendors patch. That's why the security vendors update or upgrade their products. Note that I am not a believer in blacklisting security products.

    As far as I know, there is no malware created, or rather delivered, via exploits of a security product's vulnerabilities. Bypassed, of course, most often.
     
    Last edited: Feb 3, 2012
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's nice that someone's looking though I don't really know how that all works. I'd feel a bit more secure running a product that was either open source or independently audited following a standard methodology.

    Well as far as I know no malware is created from exploits ever. It's all about downloading and bypassing to give the payload. But I've never seen that either or any hack that's involved them at all really.

    I attribute this to the variety of AVs and lack of significant market share when compared to easy targets such as Java and Flash.

    But I still maintain that AVs are insecure in that
    1) They are typically closed source
    2) They run with high rights and directly hook the kernel
    3) They interact directly with malicious software, often in dangerous ways (such as file emulation, which allows the malware to run, or even file analysis and, of course, the ever-overflowable parsing.)
    4) They are often "far reaching" with multiple modules that interact with many programs, i.e. firewall, link scanner, plugins, extensions, file scanners, cloud scanners, etc.
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    They do it by fuzzing and crashing to look for bugs. Some by reverse engineering, even without the source code.

    You are probably talking about malware downloaded by social engineering. Exploits on buffer overflows were very common before being eclipsed by so-called cross-site scripting, iframe clickjacking, etc. Exploits on browsers are fairly common, as well as the so-called exploit packs to automate malware spread.

    Closed-source freeware AVs are fairly common and most often bypassed, though they are not an easy target to have an exploit created out of the AV's own bugs.
    It's blacklisting and doesn't have the signature of every created malware out there, and so is insecure.

    Well, without those rights and kernel hooks, AVs, HIPS and BBs like Mamutu are powerless. Sandboxie would be nothing without its kernel driver.
     
    Last edited: Feb 3, 2012
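As an added example (not from any poster in this thread, and not any vendor's code), here is the "fuzzing and crashing" approach described above applied to a constructed toy record parser: an unchecked version that trusts a length byte from the file, a checked version that validates it, and a small mutation fuzzer that reports which inputs crash each one. The record layout, the 16-byte buffer, the function names and the sample inputs are all assumptions made for this illustration; in Python the overflow shows up as an IndexError, where a C parser would corrupt memory instead.

```python
import random

BUF_SIZE = 16  # constructed: fixed-size destination buffer the parser copies into


class ParseError(Exception):
    """Raised for malformed input that the parser rejects gracefully."""


def parse_record_unchecked(data: bytes) -> bytes:
    """Toy 'before' parser (constructed). Layout: [tag:1][len:1][payload:len].

    It trusts the length byte and copies the payload into a fixed buffer,
    so an oversized or truncated record walks off the end of the buffer or
    the input (IndexError here; an out-of-bounds write/read in C).
    """
    if len(data) < 2:
        raise ParseError("truncated header")
    length = data[1]
    buf = bytearray(BUF_SIZE)
    for i in range(length):
        buf[i] = data[2 + i]  # no bounds check on buf or on data
    return bytes(buf[:length])


def parse_record_checked(data: bytes) -> bytes:
    """Hardened parser: validates the declared length against both the
    destination buffer and the bytes actually present before copying."""
    if len(data) < 2:
        raise ParseError("truncated header")
    length = data[1]
    if length > BUF_SIZE:
        raise ParseError(f"declared length {length} exceeds buffer of {BUF_SIZE}")
    if len(data) - 2 < length:
        raise ParseError("declared length exceeds available payload")
    buf = bytearray(BUF_SIZE)
    buf[:length] = data[2:2 + length]
    return bytes(buf[:length])


# Constructed valid seed: tag 0x01, length 5, payload "hello".
SEED_INPUT = b"\x01\x05hello"


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation of the seed: byte flip, truncation, or a
    boundary value in the length byte (the field a parser is most likely
    to trust blindly)."""
    d = bytearray(data)
    op = rng.randrange(3)
    if op == 0:
        d[rng.randrange(len(d))] = rng.randrange(256)
    elif op == 1:
        del d[rng.randrange(1, len(d) + 1):]
    else:
        d[1] = rng.choice([0, 1, BUF_SIZE - 1, BUF_SIZE, BUF_SIZE + 1, 255])
    return bytes(d)


def fuzz(parser, iterations: int = 300, seed: int = 1):
    """Run mutated seeds through `parser`; return (input, exception name)
    for every case that crashed rather than raising ParseError."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(rng, SEED_INPUT)
        try:
            parser(case)
        except ParseError:
            pass  # graceful rejection is the behaviour we want
        except Exception as exc:  # anything else is a bug the fuzzer found
            crashes.append((case, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    for parser in (parse_record_unchecked, parse_record_checked):
        found = fuzz(parser)
        print(f"{parser.__name__}: {len(found)} crashing inputs")
        for case, name in found[:3]:
            print(f"  {name} on {case!r}")
```

Running it shows the unchecked parser crashing on many mutants (oversized length bytes and truncated tails) while the checked parser rejects every one of them with ParseError. Real fuzzers add coverage feedback, corpus management and crash triage on top of this loop, but the principle of feeding the parser malformed input and watching for anything other than a clean rejection is the same.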
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    No, that's not what I'm talking about but it's not really relevant. It's a matter of semantics and I understand you well enough.

    I get how they do it; there are hundreds of fuzzing tools out there. Methodology and a standardized test are important. How do I know that every product is being tested the same way the same number of times? Maybe security products are just "built secure", but I doubt that some of the bulkier ones are so sturdy.

    Of course.
     
  8. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Ah ok. As long as you got the point.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I think I do. That website's interesting though - thank you.
     
  10. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    No problem.

    To clear up and rephrase what I said earlier and to add to this...
    To be exact. Exploits are created from exploiting vulnerabilities.

    The exploit will spawn the shellcode. The shellcode's payload is the command shell to be returned, or the malware to be downloaded, or the dropper to download the malware or execute/decrypt the main malware body encrypted/embedded inside an innocuous file like an already cached jpg, doc, etc., or to execute another shellcode which in turn will decrypt the embedded malware or backdoor in said seemingly innocuous file.

    Ergo, malware is created or rather delivered from exploiting a vulnerability, the exploit. Hence, to rectify my statement above.

    And since AVs most likely don't have the signatures for every newly created malware, we have the so-called BYPASS. As the executed malware has the same rights as the AV, and with its code injection into trusted processes, its rootkit ability and the patching done on system processes, it will evade detection until the AV has the signature for it.

    So as far as I know, there's no malware delivered by an exploit of a vulnerability in a security product. But then again, I might be wrong, especially in the case of targeted attacks.
     
    Last edited: Feb 3, 2012
  11. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    And speaking of malware created with certain vulnerabilities/exploits in mind, I can think of Stuxnet and Duqu.

    Stuxnet was created with an exploit for the LNK vulnerability as the infection vector, another zero-day privilege escalation exploit, and other exploits of vulnerabilities to spread to other networks.

    The Duqu malware was created and could not have been successful if not for the former zero-day kernel exploit of the now-patched win32k.sys vulnerability in parsing TrueType fonts.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Anonymous claims to have released source code of Symantec's pcAnywhere

    https://www.computerworld.com/s/art...e_code_of_Symantec_s_pcAnywhere?taxonomyId=17
     
    Last edited: Feb 7, 2012
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: Anonymous claims to have released source code of Symantec's pcAnywhere

    Symantec acts like releasing the source is the end of the world. Do they have something to hide, like a back door?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Re: Anonymous claims to have released source code of Symantec's pcAnywhere

    It wouldn't have to be a backdoor. There's plenty of info within even old source code that could be used to either exploit their products or evade them.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    pcAnywhere Leaked Source Code – An Anonymous Review

    http://resources.infosecinstitute.com/pcanywhere-leaked-source-code/

    tl;dr their code hasn't changed in 10 years

     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
  17. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  18. clarence23

    clarence23 Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    2
    Location:
    US
    Moreover

    and
    Cool, heh? And all this coming from a company that makes security software.

    Dunno about others, but I am pretty happy right about now that I don't use pcAnywhere or any of their stuff. :blink:

    Speaking of pcAnywhere, I was reading about some new personal media cloud called Audials Anywhere that'll be launched sometime soon.

    It's some invite based app that's supposed to let you invite friends to browse, download and stream your media collection, as far as I take it.

    Do you guys have any idea if it's even remotely related to this pcanywhere program?

    Wanna be on the safe side.:D
     
  19. clarence23

    clarence23 Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    2
    Location:
    US
    Umm... looks like I just found out what the deal is with that Audials Anywhere thing:

    http://www.mytechguide.org/11375/audials-anywhere-personal-media-cloud-rumor/

    Not related in any way to pcAnywhere, I guess, if anyone's interested. I must say that it does sound interesting.

    Although they say it's a personal media cloud, I suppose it's more like one of those private tracker things than like cloud computing services. Since it's invite only and nobody can access your stuff without your permission, it should be more secure than file-sharing sites, for example. Right?
     