Discussion in 'other anti-malware software' started by Hungry Man, Sep 5, 2015.
Not exactly a shocker.
This has happened before with Kaspersky? Or something... My déjà vu is ringing here but I'm not sure why. Maybe someone else can fill us in.
No, can't say I'm surprised. But honestly I think this is the least of the problems on the Windows platform. The whole ecosystem is a giant sinkhole of awful, IMO.
@elapsed Perhaps you're thinking of Sophos?
OK, so how to solve this? Stop using AVs, or perhaps anti-exploit can protect against this?
Now that I think of it, KIS actually has an anti-exploit module.
No, anti-exploit software is usually not designed to protect AV. The only solution is a patch from the AV vendor. Not using real-time AV is also an option.
It took Tavis a couple of days to reach them, but they patched in 24 hours, which is pretty impressive considering the timelines of others these days.
Sept 2nd -
@matalaz @nicolasbrulez Could you mail me Nicolas? Need a contact for vulnerability disclosure. Note: These are really really bad.
All software has "holes" in it that can be taken advantage of; AV software is no exception. One way to mitigate this is if the AV has a HIPS, create a rule to prevent debuggers from running against its kernel and gui. Also add to the rule corresponding processes for any other security software you have.
"The Google security engineer who uncovered 'major flaws' in Kaspersky's antivirus product [Tavis Ormandy] has claimed some issues are still unfixed – almost three weeks after his original report...
....Ormandy did, however, congratulate Kaspersky on the speed at which it had responded to his security alert, and said more issues should be fixed over the next few weeks."
Please correct me if I am wrong, but the way I've read it, Ormandy hasn't discovered more vulnerabilities just now, but rather this news site has discovered Ormandy's findings from the beginning of September just now.
Kaspersky Antivirus Fixes Bug That Allowed Attackers to Block Windows Update and Others Services
Also, this problem is a non-issue if you use a router with a built-in stateful firewall. The rogue packets would be dropped by the router.
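What a stateful firewall actually does with such packets, shown as an added illustration that is not code from this thread or from any router or AV vendor: a toy connection tracker in Python that accepts inbound traffic only when it matches a flow an inside host already opened and drops everything else, including packets with a spoofed LAN source. The LAN prefix, interfaces and all packets are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet as the router sees it. iface is the interface it arrived on:
    'lan' (from an inside host) or 'wan' (from the Internet)."""
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


INSIDE_PREFIX = "192.168.1."  # assumed LAN range (hypothetical)


class StatefulFilter:
    """Minimal stateful packet filter: remembers flows opened from the LAN and
    only lets WAN packets in when they belong to one of those flows.
    (A real implementation also expires entries and tracks TCP state.)"""

    def __init__(self, inside_prefix: str = INSIDE_PREFIX):
        self.inside_prefix = inside_prefix
        self.flows: set = set()  # keys: (proto, inside_ip, inside_port, outside_ip, outside_port)

    def _is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    @staticmethod
    def _flow_key(inside_ip, inside_port, outside_ip, outside_port, proto):
        # Normalized so a reply from outside matches the flow its request created.
        return (proto, inside_ip, inside_port, outside_ip, outside_port)

    def process(self, pkt: Packet) -> str:
        """Return 'ACCEPT' or 'DROP' for one packet, updating the flow table."""
        if pkt.iface == "lan":
            if not self._is_inside(pkt.src):
                return "DROP"  # inside host sending with a foreign source address
            # Inside host initiated (or continued) a flow: record it.
            self.flows.add(self._flow_key(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "ACCEPT"
        if pkt.iface == "wan":
            if self._is_inside(pkt.src):
                return "DROP"  # anti-spoofing: LAN addresses never arrive from the WAN
            key = self._flow_key(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            # Only a reply to something an inside host asked for gets through.
            return "ACCEPT" if key in self.flows else "DROP"
        return "DROP"


# Constructed sample traffic (not a real capture).
SAMPLE_TRAFFIC = [
    Packet("lan", "tcp", "192.168.1.10", 50000, "93.184.216.34", 443),  # PC opens HTTPS
    Packet("wan", "tcp", "93.184.216.34", 443, "192.168.1.10", 50000),  # server replies
    Packet("wan", "tcp", "203.0.113.7", 4444, "192.168.1.10", 50000),   # unsolicited, same dport
    Packet("wan", "tcp", "203.0.113.7", 4444, "192.168.1.10", 139),     # unsolicited NetBIOS
    Packet("wan", "tcp", "192.168.1.20", 1234, "192.168.1.10", 445),    # spoofed LAN source
    Packet("wan", "udp", "93.184.216.34", 443, "192.168.1.10", 50000),  # wrong protocol for flow
]


def run_sample() -> list:
    """Run the sample traffic through a fresh filter and return the verdicts."""
    fw = StatefulFilter()
    return [fw.process(p) for p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, run_sample()):
        print(f"{verdict:6} {pkt.iface} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Only the second packet, the reply to the connection the inside host opened, is accepted from the WAN side; a crafted packet from an unrelated source is dropped before it reaches the host, regardless of which port it targets.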