Symantec tells customers to disable pcAnywhere software

Discussion in 'other security issues & news' started by ronjor, Jan 25, 2012.

Thread Status:
Not open for further replies.
  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,157
    Roger that Ron. I am on the latest version now 12.5 build 486 (SP3) and have applied the hotfix that I linked to above. All seem well. Just wanted to be sure I was fully patched.

    Thanks.
     
  2. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    You can see the vulnerabilities of other closed source security products here...
    http://www.securiteam.com/products/

    It seems like security product are more coded securely relatively speaking with lesser bugs compared to the so called low hanging fruits like browsers, adobe products, etc.

    VMware has even more vulnerabilities as compared to AV's and other security products. They are all now patched of course.

    Malwares most often only bypass the AV's and are not delivered by exploiting the latter's vulnerabilities.
     
    Last edited: Feb 3, 2012
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    How are these collected/ found?
     
  4. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    Whitehats or greyhats found these vulnerabilities then reported it to the vendors. Or even their in house coders would find so called bugs or investigate bugs found by the blackhats. And the Vendors patch. That's why the security vendors update or upgrade their products. Note that I am not a believer of black listing securiy products.

    As far as I know there is no malware created or rather delivered via exploits due to a security product's vulnerabilities. Bypassed of course most often.
     
    Last edited: Feb 3, 2012
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's nice that someone's looking though I don't really know how that all works. I'd feel a bit more secure running a product that was either open source or independently audited following a standard methodology.

    Well as far as I know no malware is created from exploits ever. It's all about downloading and bypassing to give the payload. But I've never seen that either or any hack that's involved them at all really.

    I attribute this to the variety of AVs and lack of significant market share when compared to easy targets such as Java and Flash.

    But I still maintain that AVs are insecure in that
    1) They are typically closed source
    2) They run with high rights and directly hook the kernel
    3) They interact directly with malicious software often in dangerous ways (such as file emulation, which allows the malware to run or even file analysis and, of course, the ever overflowable parsing.)
    4) They are often "far reaching" with multiple modules that interact with many programs ie: Firewall, link scanner, plugins, extensions, file scanners, cloud scanners etc.
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    They do it by fuzzing and crashing to look for bugs. Some by reverse engineering even without the source code.

    You are probably talking about about malwares downloaded by social engineering. Exploits on buffer overflows are very common before then eclipsed by so called cross site scripting, iframe clickjacking etc. Exploits on browsers are fairly common as well as the so called exploit packs to automate malware spread.

    Closed source Freeware AV's are fairly common and most often bypassed. Though are not easy target to have an exploit created out of AV's own bugs.
    It's Blacklisting and don't have the every signature of every created malware out there and so insecure.

    Well, without those rights and kernel hooks, AV's and HIPS, BB's like Mamutu are powerless. Sandboxie will be nothing without its Kernel driver.
     
    Last edited: Feb 3, 2012
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    No, that's not what I'm talking about but it's not really relevant. It's a matter of semantics and I understand you well enough.

    I get how they do it, there are hundreds of fuzzing tools out there. Methodology and a standardized test are important. How do I know that every product is being tested the same way the same number of times? Maybe security products are just "built secure" but I doubt that some of the bulkier ones are so sturdy.

    Of course.
     
  8. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    Ah ok. As long as you got the point.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think I do. That website's interesting though - thank you.
     
  10. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    NO problem.

    To clear up and rephrase what I said earlier and to add to this...
    To be exact. Exploits are created from exploiting vulnerabilities.

    Exploit will spawn the shellcode. The shellcode's payload is the command shell to be returned or the malware to be downloaded or the dropper to download the malware or execute/decrypt the main malware body encrypted/embedded inside innocuous file like the already cached jpg, doc, etc or to execute another shellcode which in turn will decrypt the embedded malware or the backdoor on said seemingly innocuous file.

    Ergo, malware is created or rather delivered from exploiting a vulnerability, the exploit. Hence, to rectify my statement above.

    And since AV's most likely don't have the signatures for every newly created malware and thus, we have the so called BYPASS. As malware executed has the same rights as the AV and with its code injections on trusted process, the rootkit ability and patching done on system processes, it will evade detection until AV has the signature for it.

    So as far as I know there's no malware delivered by an exploit on a vulnerability of a security product. But then again, I might be wrong especially in the case of targeted attacks.
     
    Last edited: Feb 3, 2012
  11. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    And speaking of malwares created with certain vulnerabilities/exploits in mind, I can think of Stuxnet and Duqu.

    Stuxnet was created with an exploit to the Lnk vulnerability as the infection vector, another zero day privilege escalation exploit and other exploits on vulnerabilities to spread to other networks.

    Duqu malware was created and could not be successful if not without the the former zero day kernel exploit on the already patched win32k.sys vunerability on parsing true type fonts.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,322
    Location:
    Surrey, England.
    Anonymous claims to have released source code of Symantec's pcAnywhere

    https://www.computerworld.com/s/art...e_code_of_Symantec_s_pcAnywhere?taxonomyId=17
     
    Last edited: Feb 7, 2012
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: Anonymous claims to have released source code of Symantec's pcAnywhere

    Symantec acts like releasing the source is the end of the world. Do the have something to hide, like a back door?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Re: Anonymous claims to have released source code of Symantec's pcAnywhere

    It wouldn't have to be a backdoor. There's plenty of info within even old source code that could be used to either exploit their products or evade them.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    pcAnywhere Leaked Source Code – An Anonymous Review

    pcAnywhere Leaked Source Code – An Anonymous Review

    http://resources.infosecinstitute.com/pcanywhere-leaked-source-code/

    tl;dr their code hasn't changed in 10 years

     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  17. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,322
    Location:
    Surrey, England.
  18. clarence23

    clarence23 Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    2
    Location:
    US
    Moreover

    and
    Cool, heh? And all this coming from a company that makes security software.

    Duuno about others but I am pretty happy right about now that I don't use pcanywhere or any of their stuff. :blink:

    Speaking of pcanywhere, I was reading on some new personal media cloud called audials anywhere that' ll be launched sometimes soon.

    It's some invite based app that's supposed to let you invite friends to browse, download and stream your media collection, as far as I take it.

    Do you guys have any idea if it's even remotely related to this pcanywhere program?

    Wanna be on the safe side.:D
     
  19. clarence23

    clarence23 Registered Member

    Joined:
    Feb 28, 2012
    Posts:
    2
    Location:
    US
    Umm...looks like I just found out what's the deal with that audials anywhere thing:

    http://www.mytechguide.org/11375/audials-anywhere-personal-media-cloud-rumor/

    Not related in any way to pcanywhere, I guess, if anyone's interested. I must say that it does sound interesting.

    Although they say it's a personal media cloud I suppose it's more like one of those private tracker things than like cloud computing services, since it's invite only and nobody can access your stuff without your permission it should be more secure than filesharing sites, for example. Right?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.