Slashdot Mirror

← Back to Stories (view on slashdot.org)

AntiVirus Products Fail to Find Simple IE Malware

Posted by ScuttleMonkey on from the no-surprise-here dept.

SkiifGeek writes "Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code. Whose responsibility is it to fix this behavior? Both the antivirus / anti-malware companies and Microsoft's IE team have something to answer for."

4 of 190 comments (clear)

  1. Re:As much as I hate Microsoft... by SatanicPuppy · · Score: 5, Insightful

    Better error handling means, when you get an error, it fails intelligently, without destabilizing the application, and passes a more informative error message. It doesn't mean the application should try and read the coders mind.

    The code should damn well work, or not run at all.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  2. Re:Obvious by SatanicPuppy · · Score: 5, Insightful

    They've got you brainwashed. The first line of defense is the program that's executing the code; it should "know" better than to just run everything that comes along. The second line of defense is the operating system: it should "know" what resources the original program is allowed to access, and limit it to those resources, and shut it the hell down if it starts trying to break out of it's sandbox.

    Malware detection and elimination programs are the last line of defense. At this point you've already taken it as a given that your applications and operating system are too stupid not to completely trash themselves, so a third party has to step in and protect the system. And in this situation, they're too stupid. It's a whole culture of incompetence, topped off by ignorant users.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  3. Disabling Script? by JcMorin · · Score: 5, Insightful

    I'm surprise to you can still use the web today without javascript... or at least you are missing a great part of it. I think the solution is to have secure browser... nothing more.

  4. Re:Browsers are far too forgiving by Dracos · · Score: 4, Insightful

    There is valid and invalid HTML, there is no "acceptable" gray area.

    IMO, browser tolerance for bad HTML is part of what got us into this mess. IE takes this to an unnecessary extreme. As a consequence, many de[velop|sign]ers failed to actually learn HTML (properly, if at all), and think XHTML is hard because it has rules.

    Give Adobe a little break, they've only owned Macromedia for a couple years. It's Macromedia's fault for producing what competent developers know is a shoddy tool.

    If language compilers, databases, or any other critical software were as forgiving as browsers are, the IT industry would be a shadow of what it is.