Hacking AntiVirus
By Joseph Boyd (Arovax)
Our operating systems are insecure. They are protected to a certain extent, but still insecure. The reason lies in the fact that they were designed and created at a time when the problem of security simply did not arise. Even the so-called "update services" were not intended to enable millions of users to defend themselves against a threat; it just happened that most of the discovered errors concern security. To compensate for this defect, users have to use third-party software: anti-virus programs, firewalls, spam filters and anti-spyware. Installing such software can produce a false impression of security. The user must not forget that these means of protection are not a magic wand but software, just like the operating system. They too can contain errors and be vulnerable.
For example, the site http://www.rem0te.com contains reports on defects discovered in popular anti-virus programs. The author of these reports demonstrates critical vulnerabilities that a malicious program can use not only to block the anti-virus software but also to execute malicious code on the user's computer.
While designing Arovax Shield we faced a technical problem which, if solved the wrong way, could cause vulnerabilities in our product. We found our own solution, but a number of different variants were proposed during the discussions, so we decided to check the least suitable variants against other software products that provide real-time protection.
Our research has shown that many manufacturers either pay no attention to this problem at all or use an extremely insecure variant. For example, several producers of very popular anti-spyware programs use the following mechanism to unload their programs from memory before updating them: it is enough to run the program with the "/u" switch. And these producers claim that one of the key features of their software is perfect real-time protection! Just imagine: any malicious program can simply execute the command superantispyware.exe /u and then do whatever it wants.
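The unload problem described above, as an added sketch that is not Arovax's solution (the article does not describe it) and not any vendor's code: an unload-on-"/u" handler beside one that requires a single-use challenge answered with an HMAC. All class and function names are hypothetical, and the sketch assumes the key is stored where only the vendor's updater can read it.

```python
import hashlib
import hmac
import secrets


class WeakShield:
    """Resident protection that unloads on a bare "/u" switch."""

    def __init__(self):
        self.running = True

    def handle_command(self, argv):
        if "/u" in argv:              # nobody checks who is asking
            self.running = False
        return self.running


class AuthenticatedShield:
    """Unloads only for a caller that proves it holds the updater-only key."""

    def __init__(self, updater_key):
        self._key = updater_key       # assumption: unreadable by other programs
        self._pending = set()         # challenges issued and not yet used
        self.running = True

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def handle_unload(self, nonce, tag):
        if nonce not in self._pending:
            return False              # unknown or replayed challenge
        self._pending.discard(nonce)  # single use, even when the tag is wrong
        expected = hmac.new(self._key, b"unload|" + nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            self.running = False
            return True
        return False


def updater_response(updater_key, nonce):
    """Answer the legitimate updater returns for a challenge."""
    return hmac.new(updater_key, b"unload|" + nonce, hashlib.sha256).digest()
```

The scheme is only as strong as the protection of the key and of the channel the challenge travels over; it removes the "any process can ask" property, not every way to stop a process.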
Because the security of security tools themselves is being actively investigated and vulnerabilities are being discovered in them, many manufacturers create their own "update services" for their products. At Arovax, we also work hard on a mechanism that will enable users to update our software quickly and easily. Our new products now provide the Live Update feature. And, as always, we appreciate any comments, requests and remarks.
(c) Arovax, LLC