Latest Big Worm Exploits Flaws In Anti-Virus Software
from the so-what's-the-point-of-having-it-then? dept
It's become increasingly clear over the past few years that current anti-virus programs are becoming less capable of securing users' computers from current threats. A couple of years ago, a study even suggested that one of the biggest security threats to people's computers is holes in the security programs they use. With that in mind, it's not too surprising to see a new worm that targets not only vulnerabilities in Microsoft software, but also a vulnerability in a Symantec security program. All the vulnerabilities have been patched, so if companies and users have kept up to date, they shouldn't have a problem, and the worm probably won't have a big impact. But it's still worth noting that it went after a hole in some of the very software that's supposed to protect users from this sort of thing. Symantec has admitted before that some of its products could mask malware and malicious attacks, while others say current technology isn't up to the task of catching things like rootkits. Some are saying that the creator of the virus could have a personal grudge against Symantec, but that seems unlikely. What's more probable is that the author is simply targeting an area where there's an opportunity.
Reader Comments
I am Jack
*posted from a mac
Re: I am Jack
Re: Re: I am Jack
Re: I am Jack
Common sense should but there is an extreme lack of that apparently.
Anti-virus doesn't protect your systems from a real attack.
E.g., I create malicious software to specifically steal data from just your company. Your anti-virus software will not detect it. But if your employers have a 30-minute training session where they are informed not to open email attachments they weren't expecting, your company will be a lot safer.
Re: I am Jack
So what you posted from a mac? If you reverse the number of people who own mac with the number of people who own a PC then you end up with just as many security flaws on the mac.
Your software is not superior, only your pathetic attitude is. Stop being a fan boy and live in the real world...
Sure, but is that supposed to invalidate the use of such software? The biggest threat to security would be to NOT have any kind of firewall, as opposed to having one that might have an exploit.
3 OS choices
Bob is right about Macs and malware; it is all a question of returns for investment. One other point is that on Linux, most people looking for vulnerabilities are trying to fix them in the OS, whereas on Windows most looking for problems are trying to sell a program which patches them up, so they announce the hole they have found, making it easier for malware writers to break in. On Macs this is the same, but there is a lot less of a market share for people to buy anti-virus products, making it less worthwhile to develop them and so less reason to look for vulnerabilities. This means that mostly the malware writers would have to find the holes themselves, making it even less worthwhile to write viruses for Macs.
In short, Macs are safer because they are not worth the effort to break, and this would be the case even if they were considerably less secure than Windows. The most secure OS would be a completely non-compliant one of your own devising used on only one computer, because no-one except a personal enemy would bother to crack it.
Holes aren't the problem...
Most users are too foolish to realise the risks and are too eager to accept downloads to their machine from unknown sites...
Heck, I bet even with Vista coming up saying "Do you want to run a program from PrnLrdMalWare.com? Yes/No" most would still press Yes...
Any antivirus program...
To make the problem worse, even when something is finally isolated as a new virus (and not some random error), it may take time to develop a fix to the infestation that doesn't involve inserting your OS CD and starting from scratch (which is still the cure for any computer virus until they start developing ones that can "flash" themselves into your BIOS; then we are officially hosed!). So, while the virus is spreading unchecked, lots of problems may happen.
The problem really isn't that anti-virus apps have vulnerabilities; of course they will. The only invulnerable anti-virus app is one that locks down the resources on your system so tight that every memory read/write requires user approval. Anti-virus apps are a compromise, a choice between no protection at all and a computer that's so secure that it's unusable.
Again, not to harp on the point, but the OS you use really has no effect on the POTENTIAL for a virus developing, for much the same reason as the compromise of the anti-virus program I noted. In order for an OS to be useful it has to allow access to resources in a variety of methods. The perfect virus makes the OS think that what it is asking the OS to do is a reasonable command from a user with appropriate permission to execute said command; no OS can stop this. Since Windows is the market leader, it bears the brunt of the virus infestation, but any users of another OS who think they're safe because of their OS are delusional. In fact, I would say that Mac and Linux users may be in more danger of a catastrophic infection because they may have a false sense of security and not have followed established security precautions (do they make Linux anti-virus software?).
Re: Any antivirus program...
Re: Any antivirus program...
ANY program running on your machine can expose you to vulnerabilities - ANY program (even Notepad, in theory).
The more complex a program, the greater the chance of it having a vulnerability go unnoticed in testing, and the more widespread it is, the greater the chance of someone bothering to find it and exploit it (and chances are these days your target has an AV program installed).
Part of the problem is perception - users tend to think that because we refer to them as holes they are fairly obvious, in the same way that a hole in a building's wall or security fence would be. If only! Think about it: if this were true, even if the companies producing the software were incompetent, the malware writers looking to exploit them would have found them all in the first few weeks of new software hitting the shelves.
Usually the vulnerabilities take the form of extremely unlikely instances: "If I get someone to open a file of this type, but corrupt the file on this line in this way, I can start to get code to overflow into another area of memory; now if I do this I can get it to overflow all the way into this area... etc. etc."
This is why it is absolutely key to try to reduce the amount of software installed at any one time and therefore your 'footprint'. The more software you have, the more likely some of it will have a vulnerability.
Software manufacturers do obviously try to find these vulnerabilities first and fix them, but some are always going to slip the net. It's the way companies deal with them that is important - in this case Symantec produced a patch in May last year pretty quickly, if I remember rightly, and were as forthcoming as was sensible at the time (too much info = a helping hand for other hackers).
The only reason this even made the news is that it was a security manufacturer caught this time, so it was always going to be embarrassing, but this is far from being the first time an AV vendor has been caught in this manner.
This worm will only affect you if you haven't installed patches from Symantec available over 6 months ago. More than likely (and this is just an unconfirmed guess based on experience) this is not a case of Symantec being targeted now, but a case of code being recycled or a bot builder including the vulnerability on the off-chance.
To the Mac fan boys - as yet there are indeed fewer *known* vulnerabilities on the Mac platform despite the recent Month of Apple Bugs campaign. What is noted, however, is the manner in which Apple tends to do very little about bugs when they are discovered, or alienates and fails to work with the security researchers who discover them - this article is typical; in this case it's not just that they didn't give the guys credit but that they sat on their hands for over 6 months...
Re: Re: Any antivirus program...
This is why it is absolutely key to try to reduce the amount of software run as administrator at any one time and therefore your 'footprint'. The more software you run this way, the more likely some of it will be exploited.
Posted from windows 2003 logged in as a local administrator.
Re: Re: Re: Any antivirus program...
Essentially only software running with admin privileges can expose you to vulnerabilities
You do not need to be a local admin for vulnerabilities like these to impact you, but it increases the chances dramatically. There are quite a few vulnerabilities which allow an 'elevation of privilege' condition to take place, which effectively allows a non-admin to act as one...
This works due to the way Windows handles permission zones - sometimes if you can get into another area of memory, that area of memory will be being used by part of Windows in the admin zone...
That said - you are a LOT safer running as a non-admin, one day maybe MS will make an OS where this is the default
Unfortunately they DIDN'T do this with Vista - although Vista does have DEP, which shuts down programs doing odd things with memory (as in my previous example), and does have User Account Control (UAC), which helps you run as a non-admin.
Unfortunately the first account created on a new Vista build still runs as an admin, so unless you know how to set UAC up you still face the same problems.
A very good analysis of Vista and security is available here
Basically the moral is: keep installed apps to a minimum and run as a non-admin whenever possible.
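The two comments above boil down to a checklist: don't run as admin, keep DEP and UAC on, and keep the installed-software footprint small. The script below is an added example (not posted by any commenter, and not Techdirt's or Symantec's code) that audits exactly those points on a Windows machine. It assumes PowerShell 3.0 or later (for Get-CimInstance) and uses the standard Win32_OperatingSystem DEP property and the well-known UAC and Uninstall registry keys; none of those values come from the article itself, and the script only reads, never changes, any setting.

```powershell
# Added example (not from the thread): read-only audit of the hardening points the comments above raise.
# Reports whether the current session is elevated (running as admin), the DEP policy,
# whether UAC is enabled, and how many programs are installed (the "footprint").
# Assumes Windows with PowerShell 3.0+; registry paths are the standard ones, not values from the article.

function Test-IsElevated {
    # True when the current token holds the Administrators role, i.e. the less safe admin case
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DepPolicy {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    #   0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    switch ($os.DataExecutionPrevention_SupportPolicy) {
        0       { 'AlwaysOff' }
        1       { 'AlwaysOn' }
        2       { 'OptIn (Windows system binaries only; the client default)' }
        3       { 'OptOut (all programs unless explicitly excluded)' }
        default { 'Unknown' }
    }
}

function Get-UacStatus {
    # EnableLUA = 1 means UAC is on; ConsentPromptBehaviorAdmin says how admins are prompted
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Enabled            = ($props.EnableLUA -eq 1)
        AdminPromptSetting = $props.ConsentPromptBehaviorAdmin
    }
}

function Get-InstalledProgramCount {
    # Count Uninstall entries in both the native and the 32-bit-on-64-bit registry views;
    # a smaller number is a smaller footprint, which is the point the commenters make
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
    return @($entries).Count
}

# Summarise the audit; anything "True" under RunningElevated or "AlwaysOff" under DepPolicy
# is the condition the comments warn about
$uac = Get-UacStatus
[pscustomobject]@{
    RunningElevated    = Test-IsElevated
    DepPolicy          = Get-DepPolicy
    UacEnabled         = $uac.Enabled
    AdminPromptSetting = $uac.AdminPromptSetting
    InstalledPrograms  = Get-InstalledProgramCount
} | Format-List
```

Run it from an ordinary (non-elevated) PowerShell window to see the state a day-to-day account is actually in; the UAC and DEP values are machine-wide and readable without admin rights, so the audit itself does not need the privilege it is checking for.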
n00bs