Discussion in 'other security issues & news' started by MrBrian, Jul 8, 2008.
Approximately 800 vulnerabilities discovered in antivirus products
Hmm, AVG, BitDefender and F-prot the lowest to vulnerabilities.
Note: that's not including the newly discovered vulnerabilities mentioned in this story.
... and now add all the vulnerabilities probably contained in all these HIPS, Personal Firewalls
I once wrote in another thread here: The more security software you use the larger is your attack surface. This report seems to confirm that.
I do wonder at times if adding security sometimes may decrease one's security in the OS itself. Like, for instance, the vulnerabilities in the security apps themselves open the door for, let's say, a bad guy that is not there without the security product in place. PS: still prefer to have something in place. Though not perfect, sometimes still better than nothing, I think.
I would like to know how many of those 800 vulnerabilities are real (=dangerous) vulnerabilities... I've seen some "vulnerabilities" discovered by n.runs - which I certainly wouldn't call "vulnerabilities", maybe not even "issues"... but rather features they don't like.
Why not LUA+SRP?
Well yes, LUA helps of course, but I run Vista with DEP for all programs, with UAC on = Protection Mode on. Is that not essentially the same, where I have to approve admin elevation? Besides the fact with KAV and Shadow Defender on board. May I add FirstDefense-ISR and an offline clean image if anything does escape my defense. I see no reason to run LUA, but good suggestion all the same.
My how approaches have changed here over time...
I was thinking of posting a reference to this in one of the LUA threads. Since resident anti-virus products often run code in the LocalSystem account, a buffer overflow vulnerability in that part of the anti-virus product code could lead to full system compromise, even with LUA+SRP.
the folks at n.runs are a little - how should i put this - sensationalistic about the scanner vulnerability issue...
it probably has something to do with the technology they're offering that is supposed to take care of the class of vulnerability they're going on about...
should i post a url to the blog post i did on them back in november of last year?
So the inference is that running with LUA+SRP is safer without an AV?
Actually yes. No new malware can be started without your knowledge, and if you want to install an application you can check it with, e.g., Virustotal first.
It does sound a bit scary to me, so perhaps it's time to run scanners inside a sandbox? Another reason why we really need to have Hyper V virtualization inside the OS. And all security tools have bugs, still I think it isn't really likely that we will get to see firewalls and HIPS being exploited.
As long as software exists, exploits and bugs will be there also, and as long as viruses exist, antiviruses will be necessary. And of course viruses and exploits will always appear first and then the update. That's logical and simple.
No need to get paranoid for everything discovered.
Could not agree more.
That's the way I've been operating since SRP was made available for XP Home here (thanks). It's also reassuring to see some confirmation of my hunch. Now the biggest problem is forgetting to check a file with VirusTotal first.
I would say not necessarily. If you have your antivirus set to scan all files, it might detect poisoned files that would result in buffer overflow exploits in other programs. Also, antivirus can scan for malicious scripts. So I would say that antivirus is a dual-edged sword with LUA+SRP.
That's a possible solution.
Can you please? This was the first I had heard of them.
Was Avira tested?
A couple of such attacks have been documented.
Well then it seems that Avira is not on their graph so it appears not to have done shabbily.
The graphs shown don't include the ~800 vulnerabilities n.runs claims to have found.