Other issues in this category (24)
About ethics and technologies
In a recent Anti-virus Times issue an argument broke out about the ethics of hackers—what’s good and bad about what the people searching for vulnerabilities are doing. But let’s separate out those who work for cybercriminals directly—i.e., people who are involved in criminal syndicates or who sell information on underground forums about the vulnerabilities they’ve found. Let’s talk about legal researchers.
Researchers from EnSilo have discovered that 15 anti-viruses that use Microsoft Detours to intercept system calls are vulnerable.
The discovered vulnerabilities allow potential attackers to bypass exploit protection and inject malicious code into any process running on a system.
The researchers informed the manufacturers of those 15 anti-virus solutions about that problem. Some of them have already released relevant patches.
Experts will showcase a more detailed report on this subject at the upcoming Black Hat conference in August.
It is important to draw attention to the ethical aspect of the problem.
- The researchers disclosed the problem before the manufacturers of these vulnerable anti-viruses could eliminate it. Thus, the researchers endangered product users—criminals read the news, too.
- The researchers disclosed information about the nature of the vulnerability. Because users do not like to update their anti-viruses, criminals, having been told where to search for the vulnerability, will be able to do their own investigating and start attacking users of all solutions, including those for which an update has been released.
- The study confirmed what Doctor Web is constantly saying: an anti-virus solution must minimally use system services and external libraries. They cannot be under the control of self-protection and, therefore, are vulnerable to hacker attacks.
P.S. Dr.Web anti-virus solutions do not use Microsoft Detours; consequently they are not on the “EnSilo list”.