For anyone who believes their systems are well protected by trusted antivirus software, here is an update. According to research by the Singapore firm COSEINC, many antivirus products are riddled with security flaws. The research also found that these products increase a computer’s attack surface and can undermine the operating system’s own protections.
According to research by Joxean Koret, a senior researcher at COSEINC, antivirus programs expose a large attack surface to malware authors. Koret analyzed around 14 antivirus engines and found vulnerabilities ranging from denial of service to flaws that let an attacker escalate privileges on the system or execute arbitrary code. Some of the bugs were in the antivirus engines themselves (the core of each product); others were in the surrounding components.
Earlier this month, Koret presented his findings at the SyScan 360 security conference.
While presenting his findings, Koret said that “Exploiting AV Engines is not different to exploiting other client-side applications”. He added that antivirus engines use no special protections of their own and rely on the operating system’s anti-exploitation features, such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).
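Because an engine that relies on OS mitigations only benefits from them if its binaries actually opt in, the first thing a practitioner checks is whether a product’s executables and DLLs are linked with ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT). The following is an added example, not code from the original article or from Koret’s research: a minimal PE header parser that reads those flags, plus a helper that builds constructed sample headers so the check runs offline. The flag values are the documented Windows PE constants; the `build_sample_pe` helper and its layout are an assumption made here purely to produce test input.

```python
import struct
import sys

# Documented PE constants (winnt.h). RELOCS_STRIPPED matters because an EXE
# without a relocation table cannot be rebased even if DYNAMIC_BASE is set.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP opt-in
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def check_mitigations(data: bytes) -> dict:
    """Parse a PE image's headers and report its ASLR/DEP opt-in status."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ signature)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsect, _ts, _sym, _nsym, _opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header for both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": dynamic_base and not relocs_stripped,
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
    }


def build_sample_pe(dll_chars: int, file_chars: int = 0, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (no sections); test input only, not a real binary."""
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    machine = 0x8664 if pe32plus else 0x14C
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python check_pe.py <file.exe|file.dll> ...  (paths are the user's own)
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_mitigations(f.read()))
```

A product component that reports `aslr: False` or `dep: False` is exactly the kind of weak spot the talk describes: a memory-corruption bug in that component is easier to exploit than one in a fully mitigated client application.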
Koret added that antivirus engines typically run with the highest system privileges, so a vulnerability in an engine is exploited with those privileges: an attacker who triggers one gains root or SYSTEM access and full control of the machine.
According to Koret’s analysis, some antivirus products do not sign their updates and do not download them over HTTPS. This lets anyone positioned on the network path inject malicious files into the update traffic and have the product execute them.
At the SyScan conference, Koret referred to weaknesses, including the lack of ASLR protection in some components, in products from Panda Security, Bitdefender, Kaspersky Lab, ESET, Sophos, Comodo, AVG, Ikarus, Doctor Web, MicroWorld Technologies, ClamAV, Fortinet, Avira, Avast, F-Prot, F-Secure and BKAV.
However, Koret did not report the issues to the affected companies individually; he said vendors must audit their own product lines and run bug bounty programs to attract independent research.
For more on the findings and the reactions of the antivirus vendors named above, see the following link.
