Computer viruses are supposed to protect anti-virus software. However, the manufacturers themselves often do not translate transparently with security gaps, ignoring even long-established safety techniques in programming. The Fatal: When a hacker exploits such a gap, he almost always has a dangerous access to the user’s innermost computer architecture.
Computer protection virus scanner tear deep security holes.
Scanners are supposed to protect against computer viruses – but often work with outdated programming code. (Imago / Science Photo Library)
Anti-virus software houses often claim their programs need to be protected against critical review, and if they know how they work, that could harm the user and create a mess , The system has a weak point, and that should be fixed, uncertainty prevents progress.
So Tavis Ormandy, he is looking for security vulnerabilities, especially in anti-virus software, for Google’s Zero project. The fact that it is so often found is mainly due to the fact that modern operating systems provide powerful security, but these are only inadequately used by anti-virus programs. Example: The Address Space Layout Randomization – or more catchy: memory spotting.
This is a must-have, so it’s a technology that must be fully activated on all products. This is a security software that is constantly being exposed to untested objects.
Explains Maik Mogenstern, chef technician at Magdeburg company AV-Test. Memory scrambling causes the various program parts to always be loaded to a different location in the working memory. Digital pests often confuse this. They are no longer familiar with themselves, do not reach their goal – the weakness they want to exploit – and can therefore not do any harm. The programmers have to click on one button when compiling, ie when creating the executable program code of a software module. But they often do not.
We have found that one-third to half of the products use this technique well, but this means that the other half does not use this technique at all or only inadequately.
Security techniques are often ignored
This is due to the fact that anti-virus software often also uses old program libraries. Or old compilers that do not support memory spotting. Another security technique that is often ignored by anti-virus software is Data Execution Prevention. It prevents malicious code from running between pure data.
Conscientiously written software allows only the execution of code, which stands in the designated place in the working memory. Storing data where data is tabbed for executable code.
Programmers who write safety-critical software, browser developers, for example, often screen particularly vulnerable program parts against the rest of the system. They pack them in a sandbox. Anti-virus software houses often do not.
With ordinary application programs one could go through it, if occasionally times a safety rule is neglected. Not for anti-virus software. This is not only directly with malicious software, but also engages deeply into the system. So when a malware attacks the protection software itself, it has devastating consequences. This is what Joxean Koret, one of the security experts who has started the discussion about unsafe security software, sees.
A typical problem is that most, if not all, anti-virus programs run with the highest possible rights, root or system rights, except for a few exceptions, so if you use an exploit for an anti- Virus program, you are most likely to get root or system rights right away.