Antivirus Software fails basic security checks
-
-
@BrisingrAerowing In other news today: Water is wet! Film at eleven.
More seriously, total disappoint that Windows Defender was apparently not included in the study, it's only the AM solution that comes installed on every Windows 8+, so the data would have been valuable.
-
Apparently a lot of AV programs don't download the updates over https - but how important is that if the updates are signed?
Sure, if the AV program will happily accept last week's definition update instead of today's that's a problem. But as long as the release timestamp is included in the signature and the program verifies it's sufficiently recent, even definition updates downloaded over http://thepiratebay.se/ should be secure.
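The check described in the post above (a signature that covers the release timestamp, with the client rejecting anything not recent enough), as an added example that is not part of the thread or any vendor's code. The manifest layout, function names, one-day freshness window and sample values are assumptions constructed for illustration; it uses Ed25519 from Node's built-in crypto module, and the client side holds only the public key.

```javascript
const crypto = require('node:crypto');

const MAX_AGE_MS = 24 * 60 * 60 * 1000; // assumed policy: definitions at most one day old

// Vendor side (build server). The private key never ships with the scanner.
function signUpdate(privateKey, version, releasedAtMs, payload) {
  const manifest = JSON.stringify({
    version,
    releasedAt: releasedAtMs, // timestamp is inside the signed bytes
    sha256: crypto.createHash('sha256').update(payload).digest('hex'),
  });
  const signature = crypto.sign(null, Buffer.from(manifest), privateKey);
  return { manifest, signature, payload };
}

// Client side: only the public key is embedded in the product.
function verifyUpdate(publicKey, update, nowMs, installedVersion) {
  const { manifest, signature, payload } = update;
  // Verify the exact manifest bytes before parsing or trusting any field.
  if (!crypto.verify(null, Buffer.from(manifest), publicKey, signature)) return 'bad-signature';
  const m = JSON.parse(manifest);
  const digest = crypto.createHash('sha256').update(payload).digest('hex');
  if (digest !== m.sha256) return 'payload-mismatch';
  if (m.version <= installedVersion) return 'rollback';
  if (nowMs - m.releasedAt > MAX_AGE_MS) return 'stale';
  return 'ok';
}

// Constructed sample data: a fixed clock and throwaway keys, no network involved.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const now = Date.UTC(2024, 0, 15);
  const today = signUpdate(privateKey, 102, now - 3600e3, Buffer.from('defs-today'));
  const lastWeek = signUpdate(privateKey, 101, now - 7 * MAX_AGE_MS, Buffer.from('defs-last-week'));
  const tampered = { ...today, payload: Buffer.from('defs-swapped-in-transit') };
  const forged = { ...today, manifest: today.manifest.replace('102', '999') };
  return {
    today: verifyUpdate(publicKey, today, now, 100),
    lastWeek: verifyUpdate(publicKey, lastWeek, now, 100), // validly signed replay
    tampered: verifyUpdate(publicKey, tampered, now, 100),
    forged: verifyUpdate(publicKey, forged, now, 100),
    downgrade: verifyUpdate(publicKey, today, now, 102),
  };
}
```

The freshness check trusts the local clock, and none of the five outcomes depends on whether the bytes arrived over HTTP or HTTPS.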
-
@PleegWat said in Antivirus Software fails basic security checks:
how important is that if the updates are signed?
that depends, does the virus scanner ship with the private key it uses to sign the updates? because if so the signature is worthless and we've seen them do that before.
or what about the one that set itself up as a HTTPS proxy so it could scan all your network traffic and used the same https certificate for every PC so once someone extracted the cert and threw it on a malware server every PC that trusted the signing authority that signed the cert the AV was using trusted the site.....
-
@accalia said in Antivirus Software fails basic security checks:
HTTPS proxy
-
@accalia said in Antivirus Software fails basic security checks:
@BrisingrAerowing In other news today: Water is wet! Film at eleven.
More seriously, total disappoint that Windows Defender was apparently not included in the study, it's only the AM solution that comes installed on every Windows 8+, so the data would have been valuable.
Yup. Not the first time, won't be the last time.
-
@accalia said in Antivirus Software fails basic security checks:
@PleegWat said in Antivirus Software fails basic security checks:
how important is that if the updates are signed?
that depends, does the virus scanner ship with the private key it uses to sign the updates? because if so the signature is worthless and we've seen them do that before.
or what about the one that set itself up as a HTTPS proxy so it could scan all your network traffic and used the same https certificate for every PC so once someone extracted the cert and threw it on a malware server every PC that trusted the signing authority that signed the cert the AV was using trusted the site.....
True. But HTTPS doesn't make that any better. I'm betting an AV vendor who fucks up like that will happily download updates off a site with a letsencrypt certificate.
-
@PleegWat said in Antivirus Software fails basic security checks:
@accalia said in Antivirus Software fails basic security checks:
@PleegWat said in Antivirus Software fails basic security checks:
how important is that if the updates are signed?
that depends, does the virus scanner ship with the private key it uses to sign the updates? because if so the signature is worthless and we've seen them do that before.
or what about the one that set itself up as a HTTPS proxy so it could scan all your network traffic and used the same https certificate for every PC so once someone extracted the cert and threw it on a malware server every PC that trusted the signing authority that signed the cert the AV was using trusted the site.....
True. But HTTPS doesn't make that any better. I'm betting an AV vendor who fucks up like that will happily download updates off a site with a letsencrypt certificate.
yep. that's why the only vector i trust for my antimalware updates these days is Windows Update.
it's probably not the best AM solution out there, but it's the only one i trust at least as far as i can throw my PC. and trust is important.
-
@accalia said in Antivirus Software fails basic security checks:
as far as i can throw my PC
You need a heavier case. :p
-
@accalia said in Antivirus Software fails basic security checks:
total disappoint that Windows Defender was apparently not included in the study
It performs too poorly to be worth it
https://www.av-test.org/en/antivirus/home-windows/windows-10/
Seriously, it's at the bottom on the protection front.
-
@TimeBandit said in Antivirus Software fails basic security checks:
Seriously, it's at the bottom on the protection front.
and yet i trust it more than all the others. Funny that.
-
-
@accalia said in Antivirus Software fails basic security checks:
@TimeBandit said in Antivirus Software fails basic security checks:
Seriously, it's at the bottom on the protection front.
and yet i trust it more than all the others. Funny that.
Same. I use Windows Defender as a front-line tool backed up by a Malwarebytes scan every month or two.
-
@TimeBandit said in Antivirus Software fails basic security checks:
@accalia said in Antivirus Software fails basic security checks:
Funny that.
Funny indeed
-
@accalia said in Antivirus Software fails basic security checks:
@TimeBandit said in Antivirus Software fails basic security checks:
Seriously, it's at the bottom on the protection front.
and yet i trust it more than all the others. Funny that.
Funny you said that.
We actually have a cryptolocker type of infection on one of our PCs, which AVG failed to detect but was blocked by Windows Defender.
Maybe they're not updating fast enough.
-
@TimeBandit said in Antivirus Software fails basic security checks:
Seriously, it's at the bottom on the protection front.
The other ones use so much of the system's resources that it's impossible for malware (or anything the user wants to do) to actually run?
-
@dkf said in Antivirus Software fails basic security checks:
it's impossible for malware
Norton and McAfee are malware worse than what they're supposed to protect you against
-
-
@TimeBandit It's like a government: they take full possession of a system to prevent other, possibly worse entities from doing the same.
-
I'm pretty happy with BitDefender.
-
I use Ubuntu, I don't need an antivirus
-
@wharrgarbl said in Antivirus Software fails basic security checks:
I use Ubuntu, I don't need an antivirus
I'm pretty sure there is a *nix version of a CryptoLocker variant. We had a discussion on another forum on whether SELinux can help prevent damage if he turned it on and properly configured it.
-
@cheong there is always some smartypants with a proof of concept linux virus, but we never see it in the wild
-
@wharrgarbl said in Antivirus Software fails basic security checks:
@cheong there is always some smartypants with a proof of concept linux virus, but we never see it in the wild
No, there was a report mid-Nov last year that some Linux user got attacked with a CryptoLocker variant that was spread through Java or Flash addon. Just that the variant has a bug where it always encrypts files with a limited set of keys, so the damage can easily be undone.
-
@cheong said in Antivirus Software fails basic security checks:
limited set of keys
Was it compiled on Debian?
-
@ben_lubar said in Antivirus Software fails basic security checks:
@cheong said in Antivirus Software fails basic security checks:
limited set of keys
Was it compiled on Debian?
-
@cheong said in Antivirus Software fails basic security checks:
that was spread through Java or Flash addon
-
@wharrgarbl Because Linux development is so hard no one wants to waste their time just to target like 15 desktop users.
Security through obscurity AND shitty design!
-
@anonymous234 said in Antivirus Software fails basic security checks:
Security through obscurity AND shitty design!
The Windows way™
-
Microsoft Malware Protection Engine is there for you:
-
-
@AlexMedia so that if you want news AS SOON AS IT COMES OUT, you can get it.
-
@TimeBandit This is an exploit that has never been exploited in the wild, and was fixed almost immediately, with no impact to anyone. And it was fixed so fast that Google was shocked at how quickly they fixed it.
-
- the attack is wormable (can self-replicate)
Is there any form of remote code execution that can't self-replicate?
-
@anonymous234 said in Antivirus Software fails basic security checks:
Is there any form of remote code execution that can't self-replicate?
Some kind of sandbox that seals off outgoing network connections?
-
@anonymous234 said in Antivirus Software fails basic security checks:
- the attack is wormable (can self-replicate)
Is there any form of remote code execution that can't self-replicate?
that which requires manual intervention by the users on one end or the other?
i mean it's self replicating but it needs permission from humans so it's not a worm?
-
@AlexMedia said in Antivirus Software fails basic security checks:
Huh, I never knew Deadpool was a doctor.