Tavis Ormandy vs. Antivirus - Discussion

Discussion in 'other anti-virus software' started by WildByDesign, Apr 29, 2016.

  1. Gein

    Gein Registered Member

    Was reading about the blog Tavis found in malwarebytes and mbae updating over http, and the possibility of hijacking that update mechanism. The blog post I read was from 2016, but I remembered reading something earlier from another security researcher saying something similar but two years earlier.

    this is the malwarebytes blog post: https://blog.malwarebytes.com/malwa...ebytes-anti-malware-vulnerability-disclosure/
    this is the link indicating a similar bug two years earlier: http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and

    I'm not sure if they are strictly the same bug, but it'd be a little scary if they let a bug like that go for two years without patching it until google called them out.
     
  2. boredog

    boredog Registered Member

    That was for the free version yes but not the paid version, where you can enable self protection.
     
  3. WildByDesign

    WildByDesign Registered Member

  4. 142395

    142395 Guest

  5. truoc

    truoc Registered Member

    What other products are known to do this? Anyone know? Just curious.

    Does Webroot do this?
     
  6. fax

    fax Registered Member

  7. 142395

    142395 Guest

    All AVs which have an option for SSL scan, but the degree of terribleness differs.
    Avast is relatively better (still far from perfect tho), Bitdefender was bad (worse than Kaspersky at that time; I don't know current state), and Comodo's PrivDog was the worst. IDK about ESET but they have the option too. In all of those AVs except for Avast this feature is turned off by default.
     
  8. itman

    itman Registered Member

    It's turned on by default in Eset ver. 10.
     
  9. itman

    itman Registered Member

    I still don't know what Tavis is referring to by "32 bit." Is it symmetric algorithm key length? That would be a fiasco if Kaspersky used that key length for their self-signed certs.
     
  10. WildByDesign

    WildByDesign Registered Member

    Some Kaspersky filesystem ACL and also SSL bugs. Bug reports within the quoted tweets below.

    Source: https://twitter.com/taviso/status/816372419619266560

    Source: https://twitter.com/taviso/status/816373947109228546
     
  11. Rasheed187

    Rasheed187 Registered Member

    I think SSL filtering by AVs is a bad idea.
     
  12. WildByDesign

    WildByDesign Registered Member

  13. itman

    itman Registered Member

    https://github.com/taviso/loadlibrary/blob/master/README.md

    Let it rip, Tavis! Pretty much know how this one is going to end up.
     
    Last edited: May 23, 2017
  14. guest

    guest Guest

    So basically he ported MsMpEng to Linux to be able to fuzz it more easily, so he can test his PoC in a more efficient way.
     
  15. elapsed

    elapsed Registered Member

    Good for him, hopefully the end result is more fixes for millions of Windows users.
     