Reporting NOD 32 security weakness / bug

Discussion in 'ESET NOD32 Antivirus' started by Lodewyk, Jul 6, 2009.

Thread Status:
Not open for further replies.
  1. Lodewyk

    Lodewyk Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    2
    Dear sirs

    Could you please advise me on the channels I should follow in order to report a security weakness which I have identified in "NOD 32 Home 4.0.437.0"?

    Exploiting this weakness enables a third-party application (e.g. malware) to do the following:

    i) disable the antivirus and anti-spyware protection without the permission of the user.

    ii) close the "NOD32 GUI Window" and keep it hidden from the user, preventing him / her from re-activating the antivirus and anti-spyware protection.

    I would dearly like to send ESET a sample application, together with the C++ source code, to demonstrate the exploitation of the weakness.

    I have already sent this information to "samples@eset.com" a couple of weeks ago, but to no avail.

    Kind regards

    Lodewyk
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Everyone knows that it's possible to disable every AV protection, no matter how good a protection mechanism it uses. Self-protection mechanisms can only make it harder for malware writers, but if one runs malware with admin rights, nothing will 100% stop it from doing harm.
     
  3. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    But if the settings are password protected, and the user is not allowed to disable the AV, then the malware should not be able to disable it either, without cracking the password... correct?
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    The malware should not execute at all. Once it does... From the user's point of view, disabling the AV is the least worry.
     
  5. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Even though I agree that nothing is 100% bulletproof in security (I'm not an expert), password protecting the software should prevent malware from disabling it unless it can crack the password. If not, why bother??
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    No, the settings can be password protected but the malware can still kill the process in question. It's not related.
    I defend UAC. In Vista it's annoying, but in 7 it's really enhanced and less annoying, but an exclusion list is a good idea.

     
  7. Lodewyk

    Lodewyk Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    2
    Thanks, boys.

    Very true. I bet paying users would love to hear this.

    So much for marketing talk and trying to help out ;) .
     