[ news_security_news ]
Kaspersky Products Patching Problems
David Utter
Staff Writer
2007-04-06
 Security News RSS Feed
Security firm Kaspersky had to patch vulnerabilities in their products that could have resulted in theft of files or remote code execution.
Kaspersky has fixed flaws in its AntiVirus and Internet Security Suite products, through the release of its Maintenance Pack 2 updates. Vulnerabilities existed in those products that left users at risk of remote exploitation.
Their Internet Security Suite had been vulnerable to a heap overflow issue. Once exploited, an attacker could execute code within the kernel context. The iDefense Labs report said the klif.sys driver contained the problem.
ActiveX proved problematic for Kaspersky's AntiVirus product. Malicious websites would be able to steal files from the local filesystem. Here, iDefense Labs said a method called 'StartUploading' contained in an ActiveX control could allow an "anonymous FTP transfer of any file they specify off of the victim's machine."
Antivirus: The Signature Is Not Enough: Polymorphic attacks can blow by conventional signature-based defenses on computer systems, as the signature databases cannot be updated fast enough to defeat a morphing threat.
SANS Instructor Ed Skoudis said in a SearchSecurity report that modern defenses are being updated to deal with the polymorphic issue.
"Most major antivirus tools today employ heuristic checks. Think of these like 'fuzzy' signatures; instead of matching the exact contents of a file in the file system or in memory, heuristic technologies only require certain crucial piece parts of code to match," he wrote.
Tags: Kaspersky, Antivirus, Heuristics
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
