Antivirus Is as Vulnerable as Any Other Product

Discussion in 'other anti-virus software' started by cnople, Jul 28, 2014.

Thread Status:
Not open for further replies.
  1. cnople

    cnople Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    48
    Location:
    UK
  2. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,070
    Location:
    Germany
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    This is why they are perfect target for hackers that want to get full access to your system.
    That's a surprise to me. I never thought that they don't implement this basic security mechanism to their update process. There is even an AV product that sends username and password (that are required for update) over http. That AV company doesn't even seem to acknowledge this as a security problem :confused:
     
    Last edited: Jul 28, 2014
  4. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,517
    LOL, ESET comes to my mind.
     
  5. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    And the table footballers come to my mind.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    Yes, that's the one I was thinking about.
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    0-days found in Symantec Endpoint Protection
    http://www.net-security.org/secworld.php?id=17185
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    http://www.scmagazine.com/symantec-...s-enable-privilege-escalation/article/363657/
     
  9. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    No software will ever be perfect.. And no software will ever replace common sense, even if common sense is a dieing breed.
     
  10. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Scary article, it makes one wonder that all they care about is getting your money.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Nonsense. AV software is still software like any other, of course it will still have bugs. You should see how sloppy malware is written 99% of the time... its also just a software.
     
  12. guest

    guest Guest

    It's not about software bugs. It's about vulnerabilities on purpose. In what way you define component and signature updating only through plain HTTP as a software bug?
     
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    And what difference does it make? If one is to brick the AV, they'll do it with HTTPS just the same.
     
  14. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    But the consequences are much worse when they screw up.
     
  15. guest

    guest Guest

    At least it would decrease the chance of an attack to be successful plus it's more honourable for the vendors/developers to put real efforts instead of keep adding registry cleaners and gaming/movie/work/whatever profiles.
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Even Snake Oil does not detect malware day in day out, that's just not realistic, in a real world.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    "On 1 March 2014, Joxean Koret tweeted some of his findings. ESET proactively contacted him to learn more about the issue. ESET resolved the problem and published an update in less than three days. ESET always welcomes researchers who follow responsible disclosure procedures of bugs and issues. While we do everything possible to ensure that products are fault free, sadly no software is perfect,“ said Jakub Debski, Head of Core Technology Development at ESET
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
Loading...
Thread Status:
Not open for further replies.