2024-12-22, 08:02 *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
Pages: [1]
  Print  
Author Topic: Virus Scanner Flaw (Better Read This!)  (Read 6160 times)
0 Members and 4 Guests are viewing this topic.
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8815

WWW
« on: 2005-11-02, 05:58 »

Quote
By adding some data to a file, an attacker could trick virus scanners into letting a malicious executable file pass through, security researcher Andrey Bayora wrote in an advisory last week. The problem lies in the scanning engine, which won't detect files that have the extra data. Bayora refers to that extra data as the "Magic Byte."

The problem affects numerous antivirus products, including software from Trend Micro, McAfee, Computer Associates and Kaspersky Lab, said Bayora, who works as a computer security consultant in Israel. His advisory also lists several products that are not affected, including software from Symantec, F-Secure and BitDefender.

http://news.com.com/Evasion+bug+bites+viru...ml?tag=nefd.top
Logged


I fly into the night, on wings of fire burning bright...
Tabun
Pixel Procrastinator
 

Team Member
Elite (3k+)
******
Posts: 3330

WWW
« Reply #1 on: 2005-11-02, 08:51 »

Allow me to take a moment to gently sneer at the people always laughing at me for using Symantec corporate Antivirus.. :]
Even so, it is not surprising, and I thought viruses were trying (with moderate succes) to do this for years now?
Logged

Tabun ?Morituri Nolumus Mori?
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8815

WWW
« Reply #2 on: 2005-11-02, 09:15 »

Yeah, I don't get the hate for Symantec either.  It works, it's caught infections on machines that the other stuff (*cough* McAfee *cough*) has outright missed.  This isn't just an opinion either - I cleaned the infections off the machines myself.  Thankfully I've never had an active virus infection on any of my own computers the 12 years I've owned PC's so far.  I must be doing something right I think.

Aye, some viruses try to disguise themselves and modify themselves as they infect (see polymorphic) so the more advanced virus checkers use heuristics to try to catch virus-like activity which sometimes results in a false positive, but stops programs from infecting you even if the infecting agent doesn't have a signature in some database somewhere just yet.  I think what's happened is some companies selling antivirus products rely more on consumer ignorance, the  "Just leave it to us, WE know what's best for you" attitude.  CA's approach of saying "oh no, you modified it so now it's a variant" stinks of this kind of BS, which is what I've come to expect of CA.

I'm very surprised McAfee didn't respond at all, but I'm not surprised their product was vulnerable.  If anything, McAfee has caused problems than done any good on systems I've seen it installed on.  Said problems range from missed infections to system instabilities to outright hard crashes.
Logged


I fly into the night, on wings of fire burning bright...
Tabun
Pixel Procrastinator
 

Team Member
Elite (3k+)
******
Posts: 3330

WWW
« Reply #3 on: 2005-11-02, 15:31 »

What makes all this harder for the average consumer is that a lot of AV software packages seem to merge under the same distributor label, or that developers of absolutely worthless scanners like "Norman Antivirus" prey on those believing to have bought "Norton"'s software etc.
Btw, I was also looking forward to hearing what McAfee (and others) would say in response.. they'll have to say something about it, sooner or later.. :]
Logged

Tabun ?Morituri Nolumus Mori?
Lopson
 

Elite
*
Posts: 1133

Still Going In Circles

« Reply #4 on: 2005-11-02, 23:12 »

Man I love my Symantec Corporate Edition 10.0! It's small, light, efficient & no year updates. I was kinda expecting that Norton was one in that list. I've seen McAfee's products like the Anit-Spam filter. That thing only works properly if you have McAfee anti-virus itself. Amazing. I was surprised about Kasperky though, I heard so many good things about it.

EDIT : My All-Time fav anti-virus was Microsoft's Anti-Virus Scanner for Windows 3.1.
« Last Edit: 2005-11-02, 23:16 by [KruzadeR] » Logged

Pages: [1]
  Print  
 
Jump to: