A researcher from Google alone in a few days a critical vulnerability in the virus scanners and security of the Slovak anti-virus company ESET discovered which allows remote attackers computers and systems can completely take over, without any user interaction is required. The vulnerability would therefore be ideal for a worm which business networks that use ESET software can be completely infected.
ESET software uses a mini-filter to intercept all input and output (I / O) to the hard disk, analyze and then emulate in case it comes to executable code. Through emulation, a file can be carried out partially before the virus signatures are used to determine whether the file is malicious or not.
Through the browser, email client, instant messaging, file sharing, network, USB and many other ways an attacker disk I / O and so cause execute the attack. The problem is in fact caused by the emulation performing ESET. The emulator does not appear to be robust and easy to compromise, says researcher Tavis Ormandy of Google. They may run malicious code with root privileges.
The problem is at all ESET products, including virus scanners for Linux, Mac OS X and Windows. As proof Ormandy developed a working exploit which systems to attack from a distance. Last Friday warned Google ESET, where the results were discussed in person with the company. Three days later, on Monday, the Slovak virus fighter came with an update to resolve the issue.
Risk
According to Ormandy, however whether users are the risks and benefits of security weigh. In the past, even though Ormandy revealed major problems in the anti-virus software from Sophos , and this week it was announced that the NSA and GCHQ to vulnerabilities have sought in anti-virus programs. Attacking users through their virus is therefore not a theoretical risk, according to Ormandy.
No comments:
Post a Comment