Antivirus software vulnerabilities document


#1

Hi folks:

I’d like to gather opinions about a document I found some time ago. Unfortunately I was not able to find the original link to the freely downloadable file, but after realizing that I myself had downloaded it back then, I uploaded it so that anyone here can check it. It seemed rather revealing regarding how trustworthy ANY antivirus can be… I guess any freely downloadable antivirus may be as good as a pro version of the same if one wisely combines it with 2-3 more free antivirus/anti-malware programs which do not conflict with each other and are also freely downloadable. I just don’t see any strong point in spending money on any pro version at all…


#2

[QUOTE=Ujan;2744194]Hi folks:

I’d like to gather opinions about a document I found some time ago. Unfortunately I was not able to find the original link to the freely downloadable file, but after realizing that I myself had downloaded it back then, I uploaded it so that anyone here can check it. It seemed rather revealing regarding how trustworthy ANY antivirus can be… I guess any freely downloadable antivirus may be as good as a pro version of the same if one wisely combines it with 2-3 more free antivirus/anti-malware programs which do not conflict with each other and are also freely downloadable. I just don’t see any strong point in spending money on any pro version at all…[/QUOTE]

The choice of which A/V to use is up to the users themselves, whether paid or free. Any A/V will always have holes in it, and for all the reviews and tests, sometimes even a free version is better than the paid counterpart. And using 2-3 will not make your system any safer than a single A/V program. Put this way: the A/V is half of the protection and the other half is the USER themselves. If the user accepts or clicks links, the A/V becomes useless as protection if they get a virus, because the user allows the virus through the A/V protection. That’s the part everyone forgets: the USERS themselves also cause the infection by their own actions, and when you do that no A/V will protect your system. Until the USERS themselves become more computer and web savvy instead of being addicted to “clicking” on anything, the A/V, regardless of whether paid or free, will not protect you.


#3

Yeah, it’s all fairly logical and right. 2-3 do not make the system safer indeed, but I think that one of them can perhaps spot something nasty the other missed before. It is not so much about making it safer, but about getting a little more assurance while knowing, however, that 360-degree safety is a utopia.

Yes indeed, if the user believes that the AV (s)he has just installed is an adamantium-made wall against viruses and the like and just goes on clicking away, then an infection is fairly unavoidable. It’s a good point indeed, that of the user’s responsibility. But it is the same with the computer itself. Many consider it a machine which runs by itself and does not need any kind of special care. Defragmentation, performance checking, updating, etc. are fairly unknown concepts for the majority of those who own a computer, and who run to the technician as soon as the simplest of problems arises.


#4

That’s actually an interesting read and definitely the first document I’ve seen on exploiting Antivirus products into running code or crashing out, like how a specially crafted PDF can cause vulnerable versions of Adobe Reader to run malicious code.

Although the document does not compare pro vs. free versions of an Antivirus product, I would imagine that if a hacker can trick the free version into running malicious code, the pro version is unlikely to be any safer, as it usually has the same processes as the free version, but with extra processes to cover the paid-for Firewall, etc.

I was quite surprised that most antivirus products give the scanner process system level privileges, some even with DEP turned off for that process. All the hacker needs to do is exploit the scanner process into running malicious code and the malware automatically has system level privileges.
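A defender can check the point raised above on their own machine. The script below is an added example, not from the thread or the document it discusses: it lists running processes whose DEP mitigation is reported as OFF, alongside the account each runs as, so that a SYSTEM-level scanner process without DEP stands out. It assumes Windows 10/Server 2016 or later (where Get-ProcessMitigation is available), an elevated session (Get-Process -IncludeUserName needs it), and that Get-ProcessMitigation -Id returns an object exposing DEP.Enable.

```powershell
# Added example (not the thread's own code): audit running processes for
# DEP disabled, and show which account owns each such process.
# Assumes: Windows 10 / Server 2016+, elevated PowerShell.

# Map PID -> owning account (e.g. "NT AUTHORITY\SYSTEM"); needs elevation.
$owners = @{}
Get-Process -IncludeUserName | ForEach-Object { $owners[$_.Id] = $_.UserName }

$findings = foreach ($proc in Get-Process) {
    try {
        # Assumption: -Id is accepted and the result exposes DEP.Enable
        # with the values ON / OFF / NOTSET (NOTSET = system default applies).
        $policy = Get-ProcessMitigation -Id $proc.Id -ErrorAction Stop
    } catch {
        # Protected or already-exited processes cannot be queried; skip them.
        continue
    }

    if ($policy.DEP.Enable -eq 'OFF') {
        [pscustomobject]@{
            ProcessName = $proc.ProcessName
            Id          = $proc.Id
            UserName    = $owners[$proc.Id]
            DEP         = $policy.DEP.Enable
            # Flag the combination the post warns about: DEP off AND SYSTEM.
            RunsAsSystem = ($owners[$proc.Id] -eq 'NT AUTHORITY\SYSTEM')
        }
    }
}

# SYSTEM-owned entries first, since those are the highest-impact ones.
$findings | Sort-Object -Property RunsAsSystem -Descending | Format-Table -AutoSize
```

Any scanner or service process that shows up with RunsAsSystem True is a candidate for vendor follow-up or for forcing DEP on via Set-ProcessMitigation, after confirming the product still works with it enabled.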


#5

[QUOTE=Seán;2744224]That’s actually an interesting read and definitely the first document I’ve seen on exploiting Antivirus products into running code or crashing out, like how a specially crafted PDF can cause vulnerable versions of Adobe Reader to run malicious code.

Although the document does not compare pro vs. free versions of an Antivirus product, I would imagine that if a hacker can trick the free version into running malicious code, the pro version is unlikely to be any safer, as it usually has the same processes as the free version, but with extra processes to cover the paid-for Firewall, etc.

I was quite surprised that most antivirus products give the scanner process system level privileges, some even with DEP turned off for that process. All the hacker needs to do is exploit the scanner process into running malicious code and the malware automatically has system level privileges.[/QUOTE]

The problem here is that if they update their PC hosts file to something like the one I use, this will also prevent pop-ups/adware that could be infected from entering, and thus give the A/V extra time to catch and kill the infections.


#6

I already said this a few times before, and I will stay at (my personal) point of view:
In my book, an antivirus is only a last resort, if everything else fails… relying only on daily security signature updates is very dangerous!
Antivirus as main protection is a thing of the past; anti-exploit, anti-executable, HIPS and light virtualization are IMHO more important (and effective!), as they are designed to keep malware out, instead of offering to CURE infected systems…
So, while this report was a very interesting read (THX Ujan! :iagree:), I’m not upset about the outcome… A: the security suite I use is not on the list.
B: on my system, the antivirus only has to kick in when everything else fails… ;):bigsmile:

/off topic @ Ujan, I’m also a Wilderssecurity member… since 2005… :wink:


#7

One key factor is “how much inconvenience will you accept”: whitelisting-based security can be very much stronger than blacklisting, but while blacklisting has to update for every new malware, whitelisting has to update whenever you add a new program or update one.


#8

Well, I’m endlessly glad to have had the chance to contribute something interesting to this outstanding forum, being the rookie I am :slight_smile:

/off topic @ Ujan, I’m also a Wilderssecurity member… since 2005…

Wow :wink: