Avast disables JavaScript engine in its antivirus following major bug

Discussion in 'other security issues & news' started by guest, Mar 11, 2020.

  1. guest

    guest Guest

    Avast disables JavaScript engine in its antivirus following major bug
    Vulnerability would have allowed attackers to take over computers running the Avast antivirus
    March 11, 2020
    https://www.zdnet.com/article/avast-disables-javascript-engine-in-its-antivirus-following-major-bug/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's highly ironic :rolleyes:
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,912
    Location:
    Outer space
    Has there been any other AV vendor that has implemented sandboxing for it's own components like MS Defender?
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,960
    Location:
    The Netherlands
    No, I don't think so. But this shows how risky AV's can be, I think it's ridiculous that they make these kind of coding mistakes.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,912
    Location:
    Outer space
    Indeed. There will always be vulnerabilities so the risk needs to be migitated by reducing rights, sandboxing etc. MS introduced the Defender sandbox 1.5 years ago, so I was hoping at least one other AV vendor would have an opt-in sandbox by now. Btw, do you know if the Defender sandbox has been enabled by default by now? When I search for Defender sandbox, all articles are from the original introduction, I don't see any recent articles.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.