Tavis Ormandy finds some remote root vulns in Kaspersky

Discussion in 'other anti-malware software' started by Hungry Man, Sep 5, 2015.

  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,856
    This has happened before with Kaspersky? Or something... My déjà vu is ringing here but I'm not sure why. Maybe someone else can fill us in.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    No, can't say I'm surprised. But honestly I think this is the least of the problems on the Windows platform. The whole ecosystem is a giant sinkhole of awful, IMO.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    @funkydude Perhaps you're thinking of Sophos?
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,052
    Location:
    The Netherlands
    OK, so how to solve this? Stop using AV's, or perhaps anti-exploit can protect against this?

    Now that I think of it, KIS actually has an anti-exploit module. :D
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    No, anti-exploit software is usually not designed to protect AV. Only solution is a patch from AV vendor. Stop using real-time AV is an option also.
     
  8. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    626
    Location:
    United States
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    All software has "holes" in it that can be taken advantage of; AV software is no exception. One way to mitigate this is if the AV has a HIPS, create a rule to prevent debuggers from running against its kernel and gui. Also add to the rule corresponding processes for any other security software you have.
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "The Google security engineer who uncovered 'major flaws' in Kaspersky's antivirus product [Tavis Ormandy] has claimed some issues are still unfixed – almost three weeks after his original report...

    ....Ormandy did, however, congratulate Kaspersky on the speed at which it had responded to his security alert, and said more issues should be fixed over the next few weeks."

    http://www.information-age.com/tech...-google-engineer-who-uncovered-security-alert
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
  12. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Please correct me if I am wrong, but the way I've read it, Ormandy hasn't discovered more vulnerabilities just now, but rather this news site has discovered Ormandy's findings from the beginning of September just now.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    Kaspersky Antivirus Fixes Bug That Allowed Attackers to Block Windows Update and Others Services
    http://news.softpedia.com/news/vuln...rsky-internet-security-antivirus-494280.shtml
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Also this problem is a non-issue is you use a router with a built-in stateful firewall. The rouge packets would be dropped by the router.
     
Loading...