Report finds security tools add software vulnerabilities of their own

Discussion in 'other anti-malware software' started by ronjor, May 31, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    http://searchsecurity.techtarget.co...ols-add-software-vulnerabilities-of-their-own
     
  2. guest

    guest Guest

    Sounds like a nonsense to me. Even if you don't install anything you still have vulnerabilities. True, installing other programs might increase your attack surface. But regarding security products, you are covered by the security features of the product itself. There are trade-offs for everything.
     
  3. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Thanks, Ron
    An eyeopening report. It leaves you wondering which applications that one may be using can be truly trusted to be secure.

    Regards,

    Bob
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Duh. Been saying this for ages now. Security software is massive attack surface, it injects itself into tons of programs, and it buries itself into the OS. An attacker who wants into a system running Chrome doesn't need to do any fancy kernel exploitation or sandbox bypass, they can just go straight for the AV, which is stupidly injection some non-ASLR enabled binary that parses unfiltered input and get insta-admin.
     
  5. guest

    guest Guest

    Never heard of Kaspersky Internet Security being exploited though. :p
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,090
    Location:
    Netherlands
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,919
    AV for AV
    lol
     
  8. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,919
    EMET 3.5 has 12 mitigations against exploits. Is it better to protect security apps as well?
     
  9. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,090
    Location:
    Netherlands
    No, I would only mitigate software running scripts/access to internet (browser, mail, media player pdf, office, etc)
     
  10. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,919
    Thanx. Actually I shoved into EMET all my routine apps except security. Some apprehensions they can malfunction.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I would also say that running multiple realtime anti-malware solutions compounds the vulnerability risk perhaps exponentially.

    One example is Zemana's Anti-logger injecting .dlls into other anti-malware relatime prtotection to avoid "conflicts." I caught it doing the same to NIS 2013 SONAR protection.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Surprise, surprise. :rolleyes: What do people expect? Security software is software. Any software will contains bugs. Any of these bugs can have security implications. Or, was anyone under the impression that security software is different from other software? The only difference is the security word in it.
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Not surprised at all, another reason to stick to a basic 1st party setup. You don't see MSE loading non-ASLR DDLs.
     
  14. guest

    guest Guest

    Sorry for being OT, but does Process Explorer also show us if a program uses ASLR or not?
     
    Last edited by a moderator: Jun 1, 2013
  15. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    Yes, as well as the DLLs it has loaded.
     
  16. guest

    guest Guest

    Thanks for the clarification. :thumb:
     
  17. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,090
    Location:
    Netherlands
    See picture
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.