Latest Big Worm Exploits Flaws In Anti-Virus Software

from the so-what's-the-point-of-having-it-then? dept

It's become increasingly clear over the past few years that current anti-virus programs are becoming less capable of securing users' computers from current threats. A couple of years ago, a study even suggested that one of the biggest security threats to people's computers is holes in security programs they use. With that in mind, it's not too surprising to see a new worm that targets not only vulnerabilities in Microsoft software, but also a vulnerability in a Symantec security program. All the vulnerabilities have been patched, so if companies and users have kept up to date, they shouldn't have a problem, and the worm probably won't have a big impact. But it's still worth noting that it went after a hole in some of the very software that's supposed to protect users from this sort of thing. Symantec has admitted before that some of its products could mask malware and malicious attacks, while others say their current technology isn't up to the task of catching things like rootkits. Some are saying that the creator of the virus could have a personal grudge against Symantec, but that seems unlikely. What's more probable is that the author is simply targeting an area where there's an opportunity.


Reader Comments

  • Jack, 2 Mar 2007 @ 4:30pm

    I am Jack

    I am Jack's sneering glee.

    *posted from a mac

    • JackOff, 2 Mar 2007 @ 6:21pm

      Re: I am Jack

      And I am Jack's opened arse posing for the next goatse shot.

      • Anonymous Coward, 2 Mar 2007 @ 6:33pm

        Re: Re: I am Jack

        If you're trying to be derogatory, try not to make yourself look like a child. It's not helping.

    • Jesse McNelis, 2 Mar 2007 @ 11:49pm

      Re: I am Jack

      Your operating system doesn't make you immune.
      Common sense should but there is an extreme lack of that apparently.

      Anti-virus doesn't protect your systems from a real attack.

      E.g., I create malicious software to specifically steal data from just your company. Your anti-virus software will not detect it. But if your employers have a 30min training session where they are informed not to open email attachments they weren't expecting your company will be a lot safer.

    • Jill, 3 Mar 2007 @ 9:16pm

      Re: I am Jack

      Jack,

      So what you posted from a mac? If you reverse the number of people who own mac with the number of people who own a PC then you end up with just as many security flaws on the mac.

      Your software is not superior, only your pathetic attitude is. Stop being a fan boy and live in the real world...

  • PhysicsGuy, 2 Mar 2007 @ 4:31pm

    "a study even suggested that one of the biggest security threats to people's computers are holes in security programs they use."

    sure, but is that supposed to invalidate the use of such software? the biggest threat to security would be to NOT have any kind of firewall as opposed to having one that might have an exploit.

  • Bob Bobbins, 2 Mar 2007 @ 4:41pm

    I hate to tell you but Macs are just as easy to get a virus on, the only reason many users don't get viruses is because OSX has such a small market share it's not worth the time to write a virus for it. It's a big fallacy that Macs are more secure. They always want to take down the big guy. If Apple got a 50% market share you bet your ass there would be malware for Macs

  • |333173|3|_||3, 2 Mar 2007 @ 5:49pm

    3 OS choices

    Now please don't start an OS flame war, I know they can be fun but they can also get boring. There are only 3 real choices for home OSs, one written by a load of drunks with no regard for standards, one written by a bunch of clowns who use arcane standards wherever possible for a small crowd of bigoted nutjobs, and one written by a bunch of amateurs. (This is just the insults against Window$, Macs, and Linux). Everyone knows there are advantages and disadvantages to all 3, like DirectX on Windows, price, security, and openness on Linux, and a good UI on Macs, but which is best is a matter of personal opinion and related to the job in hand.

    Bob is right about macs and malware, it is all a question of returns for investment. One other point is that on Linux, most people looking for vulnerabilities are trying to fix them in the OS, whereas on Windows most looking for problems are trying to sell a program which patches them up, so they announce the hole they have found, making it easier for malware writers to break in. On Macs this is the same, but there is a lot less of a market share for people to buy anti-virus products, making it less worthwhile to develop them and so less reason to look for vulnerabilities. This means that mostly the malware writers would have to find the holes themselves, making it even less worthwhile to write viruses for Macs.

    In short, Macs are safer because they are not worth the effort to break, and this would be the case even if they were considerably less secure than Windows. The most secure OS would be a completely non-compliant one of your own devising used on only one computer, because no-one except a personal enemy would bother to crack it.

  • MrPaladin, 3 Mar 2007 @ 5:15am

    Holes aren't the problem...

    Sure there are security holes... but the biggest hole in a windows system is the link between the keyboard and the seat...

    most users are too foolish to realise the risks and are too eager to accept downloads to their machine from unknown sites...

    Heck I bet even with Vista coming up saying "do you want to run a program from PrnLrdMalWare.com Yes/No" most would still press yes...

  • Tyshaun, 3 Mar 2007 @ 1:12pm

    Any antivirus program...

    I attended a seminar recently about virus development techniques (the aim of the seminar was to teach development of anti-virus applications and programming methodology to mitigate the impact of infections and to detect them earlier). Anyway, one of the analogies that the lecturer used really stuck in my head, he said that anti-virus development is no different than practicing medicine. As new pathogens arrive the very best you could possibly hope for is to quickly detect the pathogen and develop an effective treatment against it. New pathogens (computer viruses) are just that, new, and it's not a reasonable expectation for an anti-virus app to instantly be able to detect and eliminate it on first contact, especially the ones designed to circumvent established scan techniques.

    To make the problem worse, even when something is finally isolated as a new virus (and not some random error), it may take time to develop a fix to the infestation that doesn't involve inserting your OS CD and starting from scratch (which is still the cure for any computer virus until they start developing ones that can "flash" themselves into your BIOS, then we are officially hosed!). So, while the virus is spreading unchecked, lots of problems may happen.

    The problem really isn't that anti-virus apps have vulnerabilities, of course they will. The only invulnerable anti-virus app is one that locks down the resources on your system so tight that every memory read/write requires user approval. Anti-virus apps are a compromise, a choice between no protection at all and a computer that's so secure that it's unusable.

    Again, not to harp on the point but the OS you use really has no effect on the POTENTIAL for a virus developing, much for the same reason as the compromise of the anti-virus program I noted. In order for an OS to be useful it has to allow access to resources in a variety of methods. The perfect virus makes the OS think that what it is asking the OS to do is a reasonable command from a user with appropriate permission to execute said command, no OS can stop this. Since windows is the market leader, it bears the brunt of the virus infestation, but any users of another OS who think they're safe because of their OS are delusional. In fact, I would say that Mac and Linux users may be in more danger of a catastrophic infection because they may have a false sense of security and not have followed established security precautions (do they make linux anti-virus software?).

    • Peter, 4 Mar 2007 @ 12:09am

      Re: Any antivirus program...

      Yes they do have anti-virus programs for linux distros, most of the distros have it already integrated into the distr

    • Enrico Suarve, 5 Mar 2007 @ 2:24am

      Re: Any antivirus program...

      It's all true

      ANY program running on your machine can expose you to vulnerabilities - ANY program (even notepad in theory)

      The more complex a program the greater the chance of it having a vulnerability go unnoticed in testing and the more widespread the greater the chances of someone bothering to find it and exploiting it (and chances are these days your target has an AV program installed)

      Part of the problem is perception - users tend to think that because we refer to them as holes they are fairly obvious, in the same way that a hole in a building's wall or security fence would be. If only!!, think about it, if this were true even if the companies producing the software were incompetent, the malware writers looking to exploit them would have found them all in the first few weeks of new software hitting the shelves

      Usually the vulnerabilities take the form of extremely unlikely instances "If I get someone to open a file of this type, but corrupt the file on this line in this way, I can start to get code to overflow into another area of memory, now if I do this I can get it to overflow all the way into this area.... etc etc"

      This is why it is absolutely key to try to reduce the amount of software installed at any one time and therefore your 'footprint'. The more software you have the more likely some of it will have vulnerability

      Software manufacturers do obviously try to find these vulnerabilities first and fix them but some are always going to slip the net. It's the way companies deal with them that is important - in this case Symantec produced a patch in May last year pretty quickly if I remember rightly and were as forthcoming as was sensible at the time (too much info = a helping hand for other hackers)

      The only reason this even made the news is it was a security manufacturer caught this time, so it was always going to be embarrassing but this is far from being the first time an AV vendor has been caught in this manner

      This worm will only affect you if you haven't installed patches from Symantec available over 6 months ago, more than likely (and this is just an unconfirmed guess based on experience) this is not a case of Symantec being targeted now, but a case of code being recycled or a bot builder including the vulnerability on the off-chance

      To the Mac fan boys - as yet there are indeed less *known* vulnerabilities on the Mac platform despite the recent Month of Apple Bugs campaign, what is noted however is the manner in which Apple tends to do very little about bugs when they are discovered or alienate and fail to work with the security researchers who discover them - this article is typical, in this case it's not just that they didn't give the guys credit but that they sat on their hands for over 6 months...

      • Anonymous Coward, 5 Mar 2007 @ 8:53am

        Re: Re: Any antivirus program...

        Incorrect. Essentially only software running with admin privileges can expose you to vulnerabilities. You are unaware of this distinction because you are in windows where all software is typically run with admin privileges. In other operating systems, including windows vista, most user apps are locked down more and unable to compromise your system even if a hacker totally manhandles the app.

        This is why it is absolutely key to try to reduce the amount of software run as administrator at any one time and therefore your 'footprint'. The more software you run this way the more likely some of it will be exploited.

        Posted from windows 2003 logged in as a local administrator.

        • Enrico Suarve, 6 Mar 2007 @ 1:05am

          Re: Re: Re: Any antivirus program...

          Sorry to split hairs AC but

          "Essentially only software running with admin privileges can expose you to vulnerabilities"

          You do not need to be a local admin for vulnerabilities like these to impact you but it increases the chances dramatically. There are quite a few vulnerabilities which allow a condition 'elevation of privilege' to take place, which effectively allow a non-admin to act as one...

          This works due to the way Windows handles permissions zones - sometimes if you can get into another area of memory, that area of memory will be being used by part of Windows in the admin zone...

          That said - you are a LOT safer running as a non-admin, one day maybe MS will make an OS where this is the default

          Unfortunately they DIDN'T do this with Vista - although Vista does have DEP which shuts down programs doing odd things with memory (as in my previous example), and does have User Account Control (UAC) which helps you run as a non-admin

          Unfortunately the first account created on a new Vista build still runs as an admin so unless you know how to set UAC up you still face the same problems

          A very good analysis of Vista and security is available here

          Basically the moral is - Keep installed apps to a minimum and run as a non-admin whenever possible

  • |333173|3|_||3, 3 Mar 2007 @ 10:03pm

    n00bs

    Last year, at about Valentine's Day, on TD there was a post about idiot employees taking "promotional" CDs off a man in the street on their way to work, and running them on their work computer. When they did this, the CD sent a message back to the researchers. It would have been picked up by a basic virus scan, even though it was not malicious. Users that stupid should not be allowed computers. Even employees in major companies did this.

  • Craig, 22 Dec 2009 @ 7:39am

    So, are we saying that it may be worse to have weak security software than none at all? I think this may be the case because people who know they are running antivirus are more likely to fall for the fake AV malware that is all the rage with the hackers these days..
