Thursday, 24 September 2015

Google: Anti-Virus Software, Kaspersky Still Leak

The anti-virus software of the Russian anti-virus firm Kaspersky Lab still contains multiple vulnerabilities, says Google researcher Tavis Ormandy. Recently released the virus fighter that's been a big leak could poem was found by Ormandy and the system could allow an attacker to take complete without users here had to do something.

The researcher Google has much more major vulnerabilities found in the anti-virus software, so Ormandy late in an analysis of the leak know that are already patched. The analysis was made ​​on the Project Zero blog from Google. Project Zero is a team consisting of Google hackers and researchers looking for vulnerabilities in popular software. This included the anti-virus software from Kaspersky scrutinized.

Not patched

"Many of the bug reports I submitted are still not patched, but Kaspersky has made enough progress that I can talk about some of the problems," as the researcher says. Ormandy had found dozens of bugs in the anti-virus software and reported. The research shows that some of the most dangerous leaks were very easy to abuse. The researcher is pleased that Kaspersky Lab here for additional security rolls out. The impact of a vulnerability will increase in anti-virus software because the virus often file system and network traffic intercepted.

Visiting a website or receive an e-mail is enough to be attacked. It is then not even be necessary to open the e-mail, since the input / output of the reception of the e-mail is sufficient to cause the vulnerability. Besides the discovered vulnerabilities Ormandy also found several major design flaws in other parts of the anti-virus software. These other vulnerabilities to attack his distance. As the updates previously been deferred, he will discuss these issues later.

Security software harmful?

According to Ormandy, there are strong indications that there is an active trade in exploits for antivirus software exists."Research shows that a readily accessible attack surface that exposure to targeted attacks increased enormously," says the researcher. Therefore, he believes that security software developers the strictest security guidelines when developing their software must implement in order to reduce problems caused by the software. Something that fail anti-virus companies. In the past Ormandy has major problems in the software of anti-virus company Sophos and ESET found.

The researcher concludes with a warning and request for anti-virus companies. They would parts of their software does not have to run with system privileges. "Do not wait for the network worm that it has provided in your software, or targeted attacks against your users. Add even today the development of a sandbox to your development plan." Regarding the outstanding vulnerabilities in the software of Kaspersky Ormandy says that the anti-virus company responds very quickly and that a number of critical vulnerabilities in the coming weeks will be patched.

No comments:

Post a Comment