Friday, May 13, 2016
The quality of a program depends on how many vulnerabilities it has. The fewer the vulnerabilities, the less likely it is that users will lose their money and/or data. And positive reviews left by satisfied users will make a program stand out as a good choice and attract additional customers.
But, as we know, there’s no such thing as a completely invulnerable program.
Any vulnerability exploited by virus writers is a blow to the developer’s reputation, and sometimes a very painful one. To a reliable software developer, reputation is priceless. Actually, it does have a price, and a considerable one: it includes searching for vulnerabilities and inventing ways to close them without interfering with functionality.
Companies frequently hold all sorts of competitions for users in order to engage them in the search for vulnerabilities.
ZERODIUM specializes in acquiring zero-day vulnerabilities for different types of software (https://www.zerodium.com/program.html).
In 2015, the company announced a special bounty program, Million Dollar iOS 9 Bug Bounty, for which ZERODIUM would pay one million dollars to each individual or team who created and submitted to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.
ZERODIUM allocated a total of three million U.S. dollars for reward pay-outs. The program was closed on November 1, 2015. One research team won one million U.S. dollars. Two prizes are pending.
The Anti-virus Times recommends
Potentially anyone who loves and knows programming can become a millionaire, but that’s not the point.
The point is that it’s one thing to find a vulnerability and another to learn how to take advantage of it, i.e. to write a working exploit. It is not enough to find a vulnerability in a program; one must bypass the security mechanisms of the operating system and other means of protection that prevent criminals from accessing the resources they’re after.
The Dr.Web SelfPROtect module protects against exploits. This component prevents criminals from disabling or reconfiguring the anti-virus settings.
Dr.Web SelfPROtect, one of the anti-virus’s most important components, protects not only against malware trying to disable the anti-virus, but also against various phishers who recommend that users (including children) ‘disable the anti-virus, because it will register the program you need to install as a false positive’.
To prevent such attacks, you must:
- Set a reliable password for making changes to the anti-virus’s parameters and disabling self-defense. This will prevent attackers from bypassing security with methods that rely on a knowledge of the psychology of user behaviour.
- Do not disable Dr.Web ShellGuard. This technology, incorporated into Dr.Web Security Space 11.0, is designed to protect against exploits, including those for zero-day vulnerabilities, and is fundamentally different from all the other systems used on the market.