Your browser is obsolete!

The page may not load correctly.

The workshop

Кухня

Other issues in this category (24)
  • add to favourites
    Add to Bookmarks

About ethics and technologies

Read: 1010 Comments: 15 Rating: 42

In a recent Anti-virus Times issue an argument broke out about the ethics of hackers—what’s good and bad about what the people searching for vulnerabilities are doing. But let’s separate out those who work for cybercriminals directly—i.e., people who are involved in criminal syndicates or who sell information on underground forums about the vulnerabilities they’ve found. Let’s talk about legal researchers.

Researchers from EnSilo have discovered that 15 anti-viruses that use Microsoft Detours to intercept system calls are vulnerable.

The discovered vulnerabilities allow potential attackers to bypass exploit protection and inject malicious code into any process running on a system.

The researchers informed the manufacturers of those 15 anti-virus solutions about that problem. Some of them have already released relevant patches.

Experts will showcase a more detailed report on this subject at the upcoming Black Hat conference in August.

http://blog.ensilo.com/intrusive-applications-6-security-to-watch-out-for-in-hooking

http://www.securitylab.ru/news/483154.php

Dr.Web recommends

It is important to draw attention to the ethical aspect of the problem.

  • The researchers disclosed the problem before the manufacturers of these vulnerable anti-viruses could eliminate it. Thus, the researchers endangered product users—criminals read the news, too.
  • The researchers disclosed information about the nature of the vulnerability. Because users do not like to update their anti-viruses, criminals, having been told where to search for the vulnerability, will be able to do their own investigating and start attacking users of all solutions, including those for which an update has been released.
  • The study confirmed what Doctor Web is constantly saying: an anti-virus solution must minimally use system services and external libraries. They cannot be under the control of self-protection and, therefore, are vulnerable to hacker attacks.

P.S. Dr.Web anti-virus solutions do not use Microsoft Detours; consequently they are not on the “EnSilo list”.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments