Thursday, July 10, 2008

Approximately 800 vulnerabilities discovered in antivirus products | Zero Day

Zero Day

Ryan Naraine, Dancho Danchev, Nate McFeters

In what appears to be either a common scenario of “when the security solution ends up the security problem itself”, or a product launch basing its strategy on outlining the increasing number of critical vulnerabilities found in competing antivirus products, the IT/Security consulting firm n.runs AG claims to have discovered approximately 800 vulnerabilities within antivirus products based on exploiting a standard malware scanning process known as “parsing”:

[Image: Vulnerabilities Antivirus Software 2005/2007]

“During the past few months, specialists from the n.runs AG, along with other security experts, have discovered approximately 800 vulnerabilities in anti-virus products. The conclusion: contrary to their actual function, the products open the door to attackers, enable them to penetrate company networks and infect them with destructive code. The positioning of anti-virus software in central areas of the company now poses an accordingly high security risk. The tests performed by the consulting company and solutions developer n.runs have indicated that every virus scanner currently on the market immediately revealed up to several highly critical vulnerabilities. These then pave the way for Denial of Service (DoS) attacks and enable the infiltration of destructive code – past the security solution into the network. With that, anti-virus solutions actually allow the very thing they should instead prevent.”


How did n.runs manage to discover the vulnerabilities they claim they found? By following the very same logic on which a great deal of the current vulnerabilities are based, the way in which the scanner parses the file it’s supposed to scan:

[Image: Vulnerabilities Antivirus Software Q1 2008]


My comment on ZeroDay:

Isn't there anywhere in the world today that you can feel safe? These are the people we are paying to protect us. Like a Bullet-proof vest made of Swiss Cheese! But so far, unless I do something stupid, I go Virus free. Something stupid defined as listening to someone who told me the problems I was having with receiving was my firewall. Sure enough I opened it up and Ustream did improve, and for a couple of days I was happy getting a much faster video, better sound, faster video. And then, Bang! Pop-ups, Freeze ups, Browser crashes, you name it. Thankfully I've had plenty of experience cleaning up other people's messes, usually far worse than this.

Took several passes with 3 different cleaners, but it's gone and life is normal again. It was a long weekend!
