The case of the insecure security software, 2010 edition

Discussion in 'other security issues & news' started by MrBrian, Mar 25, 2010.

Thread Status: Not open for further replies.
  1. MrBrian, Registered Member (Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    So I was doing a permissions audit of my new testbed Windows 7 computer using Windows Permission Identifier. The computer, from a major computer vendor, contains a recent version of a security suite from a well-known security vendor. The audit results show that every file from the security suite in the Program Files folder is writable by all users, including limited user accounts :eek:! Because the security suite was pre-installed by the computer vendor, I don't know for sure that it's the security suite vendor's fault, but I would bet on it.

    It would be interesting to hear if any of you have similar experiences with relatively new versions of security software. I guess the more things change, the more things stay the same.
     
  2. ronjor, Global Moderator (Joined: Jul 21, 2003; Posts: 57,770; Location: Texas)

    Have you contacted the security suite vendor with this information?
     
  3. MrBrian, Registered Member (Joined: Feb 24, 2008; Posts: 6,032; Location: USA)

    No. Since I'm not 100% sure if it's the security vendor's fault - because I didn't install it myself - maybe I'll try to find a trial version and install it myself on a clean system so that I can be 100% sure first.
     
  4. Windchild, Registered Member (Joined: Jun 16, 2009; Posts: 571)

    Yeah, it happens. Program Files permissions are one thing, but then there are also the permissions assigned to the security software's services - sometimes it just so happens that they allow everyone to do such things as change the executable that the service runs, which provides a really quite excellent way to escalate privileges to SYSTEM.

    And usually, it is the security software vendor's fault. Sometimes, though, it can be the result of a file system that's been converted from FAT and has gotten very weird permissions as a result of that, or other such weirdness. Major computer vendors quite often, at least in the past, have messed with the permissions to do such idiotic things as allow pretty much everyone to write new folders and files in the Program Files folder and other 'protected' folders.
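
An audit check for the service-permission case raised in the post above, added here as an example and not part of the original thread: it parses a service security descriptor in SDDL form (the format printed by `sc sdshow <service>`) and reports allow ACEs that give limited accounts the right to reconfigure the service. The function name `risky_aces` and both sample descriptors are constructed for illustration.

```python
import re

# Rights-field codes that let the holder reconfigure or re-ACL a service.
# Note: "WD" in the rights field is WRITE_DAC; in the trustee field it is Everyone.
DANGEROUS = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC",
             "WO": "WRITE_OWNER", "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# The same rights as access-mask bits, for ACEs written in hex.
DANGEROUS_BITS = {0x00000002: "DC", 0x00040000: "WD", 0x00080000: "WO",
                  0x10000000: "GA", 0x40000000: "GW"}
# Trustees that include limited user accounts (SDDL alias or literal SID).
LOW_PRIV = {"WD": "Everyone", "S-1-1-0": "Everyone",
            "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
            "BU": "Users", "S-1-5-32-545": "Users",
            "IU": "Interactive", "S-1-5-4": "Interactive"}

def risky_aces(sddl):
    """Return [(trustee, [rights])] for allow ACEs in the DACL that give a
    low-privileged trustee control over the service configuration."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # skips the S: SACL
    if not dacl:
        return []
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":      # allow ACEs only
            continue
        rights, trustee = fields[2], fields[5]
        if trustee not in LOW_PRIV:
            continue
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            held = {code for bit, code in DANGEROUS_BITS.items() if mask & bit}
        else:
            held = {rights[i:i + 2] for i in range(0, len(rights), 2)} & set(DANGEROUS)
        if held:
            findings.append((LOW_PRIV[trustee], sorted(DANGEROUS[c] for c in held)))
    return findings

# Constructed samples: a typical default descriptor and a weak one.
DEFAULT_SD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
              "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
           "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

if __name__ == "__main__":
    for name, sd in (("default", DEFAULT_SD), ("weak", WEAK_SD)):
        print(name, risky_aces(sd))
```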
     