The solution has become the problem.


Symantec was revealed to have a security problem this past week (Tavis Ormandy, Project Zero).

“This vulnerability is particularly bad—exploiting the vulnerability requires no user interaction. The vulnerability exists in a default configuration, and code execution occurs at the highest privilege level, if not the kernel itself. According to Ormandy, open source libraries used in the products such as libmspack and unrarsrc had not been updated "in at least 7 years."” – TechRepublic

And since these haven’t been updated in so long, and because other security software uses these, it isn’t only Symantec that’s affected.

Panda Antivirus flagged Sys32 files as malware and removed them, bricking computers after reboot.

Comodo Antivirus has several issues as well. These have also been documented by Ormandy.

Trend Micro Antivirus has a password manager “bundled” which allows remote code execution. What a gift. A password manager which allows anyone on the net to steal all your passwords.

AVG forced “AVG Web TuneUp” on users which bypassed malware checks in Chrome.

The solution?

MS’s antivirus tools. Yeah. Believe it or not. I’ll be using them, until the AV folks start taking security seriously, and stop taking money for screwing up.

Browse responsibly. Don’t open email extensions, especially if they aren’t from people you know. That won’t cover spear-phishing, though.

Sources:

http://www.techrepublic.com/article/why-antivirus-programs-have-become-the-problem-not-the-solution/?ftag=TRE684d531&bhid=23906934820265111040450294515746

https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

Reply #2

The names Bitdefender & Avast did not appear. Thanks be. v_v

Reply #3

Well...BD and Avast use those libraries...did another post on that.


Reply #5

Quoting DrJBHL, reply 3

Well...BD and Avast use those libraries...did another post on that.

Curses, foiled again!

Looked through your posts & didn't spot such.  Link?

Thanks,

Daiwa

Reply #6

If you have Avast Anti-virus as I do, Daiwa, you should have noticed that they just did a major update that resolves this issue. It updated on my machine a couple of days ago. You should be good to go. -- Ace --

Reply #7

I have been using Eset NOD32 Antivirus / Endpoint / Business Security for years now, even in 4 corporate environments, and never had any problems. Symantec for private use has been a pain in the arse for at least a decade.

Reply #9

Symantec (Norton) never was the solution to begin with. Well, MAYBE back in the stone age.


Anyway, thanks for the heads up, Doc.    :beer:

Reply #10

Quoting RedneckDude, reply 9

Symantec (Norton) never was the solution to begin with. Well, MAYBE back in the stone age.

Anyway, thanks for the heads up, Doc.


So very true. In other posts, I've mentioned that at one time in my life, I was a Help Desk Technician representing several Cable Internet Companies. As I have said many times, a vast majority of customers' issues with their machines turned out to be their installed Norton Anti-virus programs borking their system. -- Ace --

Reply #11

Thanks for the info, Ace. My Avast was still on an April version when I just checked, so updating now. Thought it prompted with new versions, but apparently not.

Reply #12

Again, just use MSE/Windows Defender; even the article Doc referred to states:

"There is not an easy answer to this question. Microsoft's antivirus tools have improved dramatically since they were introduced in 2009, and should be sufficient for most people using computers responsibly—in other words, not participating in file sharing or downloading every email attachment they get."

:)

Reply #13

I won't trust MSE and Windows Defender only in corporate environments, sorry.

Reply #14

That AVG Web TuneUp... it pops up from time to time, but I just close it. I treat them like commercials. I don't like commercials.

Reply #15

Quoting c242, reply 13

I won't trust MSE and Windows Defender only in corporate environments, sorry.

I understand your apprehension.

Does the elevation of privileges that security software does, together with its vulnerabilities, make that solution more palatable?

To each his own, I guess.

Reply #16

Quoting DrJBHL, reply 15

Quoting c242,

I won't trust MSE and Windows Defender only in corporate environments, sorry.

I understand your apprehension.

Does the elevation of privileges that security software does, together with its vulnerabilities, make that solution more palatable?


Eset doesn't do that, and no user in my corp. environment is admin on his/her PC. ;-) Also, MSE has been outdated since Windows 8 at the latest.

Reply #18

Does operating as a restricted user avoid these issues if AV is running on the rig? Seems like it wouldn't.
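As an added example that is not part of this thread, here is a PowerShell check a defender could run on the two points raised above: whether the scanning service starts as LocalSystem (the elevated-privilege concern in reply #15 and the restricted-user question in reply #18), and whether the engine and signatures are current (the stuck-on-an-April-version situation in reply #11). It uses the real Microsoft Defender cmdlet Get-MpComputerStatus and the real service name WinDefend; the 7-day staleness threshold and any other service names you pass in are assumptions, not values from the thread.

```powershell
# Added example, not from the thread. Requires the Defender PowerShell module
# (Windows 8 / Server 2012 and later) for Test-DefenderFreshness.

function Get-AvServiceContext {
    param(
        # Service names to inspect. 'WinDefend' is Microsoft Defender Antivirus;
        # any other product's service name you add here is your own assumption.
        [string[]]$ServiceName = @('WinDefend')
    )
    foreach ($name in $ServiceName) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            [pscustomobject]@{
                Service = $name; Found = $false; Account = $null
                State = $null; RunsAsSystem = $null
            }
            continue
        }
        [pscustomobject]@{
            Service      = $svc.Name
            Found        = $true
            Account      = $svc.StartName
            State        = $svc.State
            # An engine started as LocalSystem parses untrusted files with SYSTEM
            # rights regardless of how restricted the logged-in user is, which is
            # why a non-admin account does not bound a parser bug in the AV itself.
            RunsAsSystem = ($svc.StartName -eq 'LocalSystem')
        }
    }
}

function Test-DefenderFreshness {
    param(
        # Signature age in days above which the install is reported as stale
        # (assumed threshold; pick what your update cadence requires).
        [int]$MaxSignatureAgeDays = 7
    )
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $status.RealTimeProtectionEnabled
        EngineVersion      = $status.AMEngineVersion
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $status.AntivirusSignatureAge
        LastUpdated        = $status.AntivirusSignatureLastUpdated
        Stale              = ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays)
    }
}

# Usage: run in an elevated PowerShell session on the machine being checked.
Get-AvServiceContext | Format-Table -AutoSize
Test-DefenderFreshness | Format-List
```

The first function answers reply #18's question from the service side: if the scanning service's account is LocalSystem, a restricted user account limits what that user can do, not what the scanner does with a malformed file. The second function gives a quick, scriptable version of the "still on an April version" check from reply #11, so stale installs can be found across a fleet rather than noticed by accident.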