Tuesday, October 18, 2005

Hacking AntiVirus

Our operating systems are insecure. They are protected to a certain extent, but still insecure. The reason lies in the fact that they were designed and created at a time when the problem of security simply did not arise. Even the so-called “update services” were not originally intended to enable millions of users to defend themselves against threats; it just happened that most of the discovered errors concern security. To compensate for this defect, users have to rely on third-party software – anti-viruses, firewalls, spam filters and anti-spyware. Installing such software can create a false impression of security. The user must not forget that this means of protection is not a magic wand but software, just like the operating system: it too can contain errors and be vulnerable.

For example, the site http://www.rem0te.com contains several reports on defects discovered in popular anti-virus programs. The author of these reports demonstrates critical vulnerabilities through which a malicious program can not only block the anti-virus software but also execute malicious code on the user's computer.

While designing Arovax Shield we faced a technical problem which, if solved in the wrong way, could introduce vulnerabilities into our product. We found our own solution, but during the discussions a number of different variants were proposed, so we decided to check whether other real-time protection products use the least suitable of those variants.

Our research has shown that many manufacturers either don't pay attention to this problem at all or use an extremely insecure variant. For example, several producers of very popular anti-spyware programs use the following mechanism to unload their programs from memory before updating them: it is enough to run the program with the “/u” command-line switch. And these producers claim that one of the key features of their software is perfect real-time protection! Just imagine: any malicious program can simply execute the command superantispyware.exe /u and then do whatever it wants.
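The design point in the passage above is that a command-line switch is a command, not an authorization: anything that can start a process can pass “/u”. The following is an added illustration, not code from this post, from Arovax or from any product named here. It contrasts an unload handler that trusts the switch with one that additionally requires a privileged caller and a one-shot token signed with a secret held only by the update channel. The Caller class, the HMAC token scheme and the “/u” handling are assumptions constructed for the example; in a shipping product the privilege check would be backed by operating-system facilities (the caller's process token, the signer of the calling executable) rather than by anything the caller supplies itself.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Caller:
    """Constructed caller identity. In a real product this comes from the OS
    (process token, code signer), never from the caller's own claims."""
    name: str
    is_admin: bool


class WeakProtection:
    """Unloads on a bare command-line switch: any process can disable it."""

    def __init__(self):
        self.running = True
        self.audit = []  # what a defender would want logged

    def handle_command(self, argv, caller):
        if "/u" in argv:
            self.running = False
            self.audit.append(f"unloaded by {caller.name} (no check)")
            return True
        return False


def sign_unload(secret: bytes, nonce: str) -> str:
    """Computed by the legitimate updater, which holds the channel secret.
    An arbitrary process on the machine does not have that secret."""
    return hmac.new(secret, b"unload:" + nonce.encode(), hashlib.sha256).hexdigest()


class HardenedProtection:
    """Unload requires (1) a privileged caller and (2) a token the service
    itself issued, signed with the update channel's secret (hypothetical design)."""

    def __init__(self, update_secret: bytes):
        self.running = True
        self.audit = []
        self._secret = update_secret
        self._pending = set()  # nonces issued but not yet redeemed

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def handle_command(self, argv, caller, nonce=None, tag=None):
        if "/u" not in argv:
            return False
        if not caller.is_admin:
            self.audit.append(f"DENIED unload: {caller.name} is not privileged")
            return False
        if nonce not in self._pending or tag is None:
            self.audit.append(f"DENIED unload: {caller.name} presented no valid token")
            return False
        # Constant-time comparison so the tag cannot be guessed byte by byte.
        if not hmac.compare_digest(tag, sign_unload(self._secret, nonce)):
            self.audit.append(f"DENIED unload: {caller.name} presented a forged token")
            return False
        self._pending.discard(nonce)  # one-shot: a captured token cannot be replayed
        self.running = False
        self.audit.append(f"unloaded by {caller.name} with a valid update token")
        return True


def demo():
    """Runs both designs against the same unprivileged caller and returns the audit trails."""
    anyproc = Caller("anyproc", is_admin=False)
    updater = Caller("vendor_updater", is_admin=True)
    secret = b"constructed-update-channel-secret"

    weak = WeakProtection()
    weak.handle_command(["/u"], anyproc)

    hard = HardenedProtection(secret)
    hard.handle_command(["/u"], anyproc)                 # unprivileged: denied
    hard.handle_command(["/u"], updater)                 # privileged, no token: denied
    n = hard.issue_nonce()
    hard.handle_command(["/u"], updater, n, "0" * 64)    # forged tag: denied
    hard.handle_command(["/u"], updater, n, sign_unload(secret, n))  # accepted
    return weak.audit, hard.audit


if __name__ == "__main__":
    for line in demo()[0] + demo()[1]:
        print(line)
```

The difference that matters is not the HMAC itself but what the service trusts: the weak handler trusts the argument vector, which is under the control of whatever launched the process, while the hardened one trusts only facts the caller cannot fabricate (its privilege, and a signature over a nonce the service chose). Every denied attempt is also written to the audit list, because an unexpected unload request against a real-time protection product is itself a signal worth alerting on.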

Because the security of security tools themselves is now being actively investigated and vulnerabilities are being discovered in them, many manufacturers create their own “update services” for their products. At Arovax, we also work hard to create a mechanism that lets users quickly and easily update our software. Our new products now provide a Live Update feature. And, as always, we appreciate any comments, requests and remarks.

