Windows Synchronization Object Vulnerabilities in Antivirus Suites

Discussion in 'Server Security' started by Jeffrey Walton, Apr 19, 2011.

  1. Abstract

    In 2009 we examined the effects of manipulating synchronization
    objects in security software suites frequently found on personal
    computers running Windows XP and Vista. The synchronization objects
    were mutexes and events, and the security software included products
    from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset,
    F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials),
    Norman, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend
    Micro.

    The examinations revealed that nearly all suites suffered non-trivial
    faults originating from both standard and administrator accounts. The
    faults ranged from simple denial of service affecting the UI console
    and definition update service to scanner crashes and surreptitious
    suite shutdown.

    http://www.softwareintegrity.com/documents/Old-Dogs-and-New-Tricks.pdf
     
    Jeffrey Walton, Apr 19, 2011