Hackers Looking Hard For Anti-virus Software Vulnerabilities

Discussion in 'malware problems & news' started by ronjor, Jul 26, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,715
    Location:
    Texas
    Article
     
    ronjor, Jul 26, 2005
    #1
  2. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Looks like signature based file scanners are about to be under attack.


     
    Starrob, Jul 26, 2005
    #2
  3. tom772

    tom772 Guest

    Thank for keeping us all posted on current news Ronjor - cant get any worse can it!!?

    To be honest along with some of the other news you have posted this week, is there ever going to be a time when people can feel safe online without worrying about security.(internet 2 maybe?)

    take care T
     
    tom772, Jul 26, 2005
    #3
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, tom772

    Use someone else's computer. ;) [remotely, that what I do much cheaper. :D :D ]

    Take Care,
    TheQuest :cool:

    PS: It my JOKING
     
    TheQuest, Jul 27, 2005
    #4
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I feel perfectly safe online without worrying about security. You should too!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Rmus, Jul 27, 2005
    #5
  6. ---

    --- Guest

    After reading the article, I have come to the conclusion that it is security software as a whole that is coming under attack. People are trying to find flaws in them, much as they do for Windows, browsers, email clients etc.

    The examples given are for main stream security software which are naturally antiviruses. But I have no reason to believe that security software based on other non signature based methods are immune to exploits.

    In fact, given their nature, I think they are even more vulnerable than signature based file scanners.
     
    ---, Jul 27, 2005
    #6
  7. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Why do you think behavior based software is more vulnerable than scanners? I am interested in hearing the weaknesses of using this method since everyone only talks about the strenghts.



    Starrob
     
    Starrob, Jul 27, 2005
    #7
  8. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    236
    Location:
    Netherlands
    There always have been AV vulnerabilities. Most notoriously in decompressing engines.

    I don't see a widespread exploit of these vulnerabilities for the following reasons:
    - Most AV engines automatically update itself.
    - There's no generic AV. Eveyone uses as different AV product.
    - AFAIK most vulnerabilities are of DOS nature and not remotely exploitable.

    This could change when Microsoft launches or bundles it's security suite :rolleyes:

    The article discusses fooling signature based scanning on file types and recursion in archives files. I don't know how they want to fool file types. Maybe be masking an an executable as .doc, which usually passes through? Compressed file types remain the weak spot, see the My-Doom outbreak and the vulnerabilities in decompressing engines.

    If the AV industry can't address these weak spots, we can always consider quarantaining or blocking compressed files.
     
    diginsight, Jul 27, 2005
    #8
  9. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Thanks for the insight diginsight....Always love to learn new things.



    Starrob
     
    Starrob, Jul 27, 2005
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...