
Thread: Lend me your antivirus suggestions

  1. #21
    Corvette Enthusiast Kchrpm's Avatar
    Join Date
    Jan 2014
    Location
    Cincinnati, OH
    Posts
    6,523
    Quote: Originally posted by Random
    Is his point that vulnerabilities in the add-on anti-virus software add to the possible numbers/ways/methods of attack? Or is he trying to make some point about anti-virus protection in general?
    His point is that poorly made anti-virus software makes your computer even more vulnerable, because of the deep access that type of software has. Unfortunately, many of the most well known options seem to be poorly made.

    http://arstechnica.com/security/2016...mail-or-links/
    Tuesday's advisory is only the latest to underscore game-over vulnerabilities found in widely available antivirus packages. Although the software is often considered a mandatory part of a good security regimen—on Windows systems, at least—their installation often has the paradoxical consequence of opening a computer to attacks that otherwise wouldn't be possible. Over the past five years, Ormandy in particular has exposed a disturbingly high number of such flaws in security software from companies including Comodo, Eset, Kaspersky, FireEye, McAfee, Trend Micro, and others.
    Get that weak shit off my track

  2. #22
    Senior Member
    Join Date
    Jan 2014
    Posts
    10,171
    Quote: Originally posted by Random
    Is his point that vulnerabilities in the add-on anti-virus software add to the possible numbers/ways/methods of attack? Or is he trying to make some point about anti-virus protection in general?
    The former. Because of the way antivirus must work - that is with very high privileges - installing AV creates one more attack vector ("increases the surface area") for exploits. If someone compromises, say, Edge on Win10, they don't have much access to your system in general. You either have to have certain things turned off, or you have to take specific action... like, you can't get from the internet to your boot sector without compliance from the user because Edge doesn't have sufficient permission to write to the boot sector. But, if you compromise some other application with higher privileges, then you can get access to the boot sector or whatever. In the context of this particular article, the fallout is pretty frickin severe. If your computer is 100% locked down and someone manages to plant a specific file on the system that is otherwise totally inert, the act of scanning it by Symantec (and others) "activates" the attack. That's darned creative on the attacker's part, and darned pathetic on the AV app's part.

    Edit: Whoops - didn't see Krunch's post. Spot on.

  3. #23
    Senior Member
    Join Date
    Jan 2014
    Posts
    3,569
    From the link from that ars link, at least I can take comfort in this:

    Thanks to Kaspersky for record breaking response times when handling this report, they’ve set a high bar to beat for other vendors! More Kaspersky issues, including multiple remote code execution vulnerabilities, should be fixed and visible in our issue tracker over the next few weeks.

  4. #24
    What fresh hell is this? overpowered's Avatar
    Join Date
    Jan 2014
    Location
    San Diego, CA
    Posts
    6,113
    Avast started to get obnoxious, so I uninstalled it.

    After that, the Windows Firewall started having problems. I would get notifications that it stopped on a fairly regular basis.

    After a bit of Googling, I found the solution to the firewall problem which was to run a cmd window as Administrator and in that run "sfc /scannow" to repair Windows files. Firewall seems to work now.

  5. #25
    Junior Potato
    Join Date
    Jan 2014
    Posts
    3,219
    Here's an interesting one I saw recently; behavioural detection of ransomware, to catch viruses before they're known to antivirus programs.

    http://thehackernews.com/2016/12/fre...tware.html?m=1

    The software will detect ransomware based on typical ransomware behaviours, rather than by using a signature database like traditional antivirus programs.

    Cool idea.

  6. #26
    Senior Member
    Join Date
    Jan 2014
    Posts
    10,171
    That is going to become really important, as "malwareless malware" is a thing for '17.
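
The signature-versus-behaviour distinction raised in posts #25 and #26, as an added example (not part of the thread, and not how the linked tool is implemented): a hash lookup misses a never-seen binary, while a heuristic over file-write events flags the process that rewrites several files with random-looking data. The event format, thresholds and all sample data are constructed assumptions.

```python
import hashlib, math
from collections import Counter, defaultdict

# Constructed signature database: hashes of binaries already known to be bad.
KNOWN_BAD = {hashlib.sha256(b"old-known-sample").hexdigest()}

def signature_hit(binary: bytes) -> bool:
    """Signature approach: only matches binaries that were seen before."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random/encrypted data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavioural_alerts(events, window=10.0, min_files=3, min_entropy=7.2):
    """Return pids that wrote high-entropy data to >= min_files distinct
    files within `window` seconds. Thresholds are assumed values."""
    recent = defaultdict(list)  # pid -> [(time, path)] of high-entropy writes
    alerts = []
    for t, pid, path, data in events:
        if entropy(data) < min_entropy:
            continue  # ordinary document edits stay well below the threshold
        hits = [(ts, p) for ts, p in recent[pid] if t - ts <= window] + [(t, path)]
        recent[pid] = hits
        # One high-entropy file is normal (zip, jpg); many in a burst is not.
        if len({p for _, p in hits}) >= min_files and pid not in alerts:
            alerts.append(pid)
    return alerts

def fake_ciphertext(seed: bytes, n: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted file contents (constructed)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32))

TEXT = b"Quarterly report: revenue was flat, costs were flat. " * 80
EVENTS = [  # constructed: (seconds, pid, path, bytes written)
    (0.0, 101, "docs/a.docx", TEXT),
    (1.0, 202, "docs/a.docx", fake_ciphertext(b"a")),
    (2.0, 202, "docs/b.xlsx", fake_ciphertext(b"b")),
    (2.5, 101, "docs/notes.txt", TEXT),
    (3.0, 202, "pics/c.jpg", fake_ciphertext(b"c")),
    (60.0, 303, "backup/x.zip", fake_ciphertext(b"x")),
]

if __name__ == "__main__":
    print("signature hit on new binary:", signature_hit(b"never-seen-before"))
    print("behavioural alerts for pids:", behavioural_alerts(EVENTS))
```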
