When Security Products Weaken Security
It is almost becoming normal for malware to target a range of antivirus and antimalware products as part of the infection routine: blocking them from downloading definition updates, blocking access to the vendor's website, or even terminating any running process associated with protective software.
Sometimes it is the protective software itself that is the greatest risk to a system, through bugs that introduce weaknesses into the systems it is meant to protect. This could be as simple as problems with scanning modules, as has often been seen with antivirus platforms, or it could be a vulnerability in the core software that allows an attacker full access to the system.
When it comes to identifying and repairing these vulnerabilities, which could have significant impacts on the overall security of systems and networks, it is preferred that vendors release the information publicly and make the patches available in a timely manner. Sometimes it doesn't work out that way, and hackers openly share information about critical vulnerabilities in various vendor products.
Such a situation has recently taken place with Kaspersky Anti-Virus, when noted Russian rootkit researcher EP_X0FF published a detailed report on vulnerabilities that Kaspersky introduces into a system that otherwise wouldn't be there. Worryingly for users of Kaspersky products, it seems that the particular vulnerabilities disclosed can be exploited from an unprivileged account but have system-wide effects. At this stage, all the disclosed details will do is result in a 'Blue Screen of Death', but the disclosure is likely to draw the attention of other hackers, who could find ways to turn it into a situation where they take control of the system.
While not a vulnerability as such, Microsoft has come under fire lately for automatic updates that have been applied to systems that were otherwise configured not to update automatically. Software updates to the Windows Update service were not being announced and were silently being applied to systems where the users had configured them for manual updates only. Supporters of Microsoft argue that this isn't a problem and ask why there is concern over the issue (after all, you only licence your software), while a vocal chorus of people argue that any automated change to their system is a problem when they have specifically set up their system not to update automatically. Why this particular practice of silently updating Windows Update has suddenly grabbed attention is not known, as Microsoft has been updating the application in this manner for a long time.
16 September 2007