Slashdot Mirror


Archive Formats Kill Antivirus Products

nemiloc sends us to the F-Secure blog for breaking news about widespread vulnerabilities in programs that process archive files: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors... including us." Here is test material from OUSPG and a joint advisory from Finnish and English security organizations. It isn't news that security products can have security vulnerabilities. What makes this advisory important is that antivirus software is a perfect target. It is run in critical places with high privileges and auto-updates to keep versions coherent.

6 of 115 comments

  1. That's nothing by Anonymous Coward · · Score: 5, Funny

    Windows can crash over 9000 products.

  2. Re:Secure Platform without Anti-virus by JeanBaptiste · · Score: 5, Insightful

    Cool. I need to run MS SQL server, it's the only one that my company's workflow software will run on. Also our enterprise app is all written in ASP. We also have lots of Exchange users. It would probably take years and years to convert all these things over to something else, probably with downtime and data loss.

    Your 'solution' may work for some, but probably not for most, and for the rest of us, that's what these articles are posted for!

  3. Re:Secure Platform without Anti-virus by TheRaven64 · · Score: 5, Insightful

    That's okay, the money has already been allocated, because you factored in the cost of migrating away from the platform as part of the TCO. You did include migration costs in your TCO calculations when purchasing the workflow software and Exchange, right?

    --
    I am TheRaven on Soylent News
  4. There's breakage and there's breakage by davidwr · · Score: 5, Informative

    There's

    1. "I had an exception processing file ABC.ZIP, skipping file,"
    2. Crashing and dying without handling the exception, and
    3. Being exploited due to an unexpected condition.

    The first lets viruses hide in carefully-mis-crafted archives.
    The second lets viruses deactivate antivirus software.
    The third lets viruses 0wn j00.

    Some AV software is smart enough to log instances of #1.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:There's breakage and there's breakage by mea37 · · Score: 5, Interesting

      Really smart AV software wouldn't make assumptions about the contents of the file (eliminating #3), would always check for exceptions (eliminating #2), and would treat a processing exception pretty much like a virus (neutralizing #1).

      Very little software in practice is that smart. But with AV, you know you're at war with the file you're scanning. Any AV vendor caught by this should be embarrassed.
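
The fail-closed handling described in the two comments above, as an added example that is not part of the original thread or any vendor's code: Python's `zipfile` stands in for a scanner's archive parser, and `member_is_malicious`, `MARKER` and the size limits are hypothetical names and values chosen for illustration.

```python
import io
import logging
import zipfile

log = logging.getLogger("archive-scan")
CLEAN, SUSPICIOUS = "clean", "suspicious"
MAX_MEMBERS = 1000                      # assumed limits, not from the thread
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a real signature


def member_is_malicious(data):
    """Hypothetical signature engine: flags the constructed marker only."""
    return MARKER in data


def scan_archive(blob):
    """Return (verdict, reason) for a ZIP held in memory.

    Nothing declared in the archive is trusted, and a parser error is
    logged and reported as a finding instead of "skipping file".
    """
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            infos = zf.infolist()
            if len(infos) > MAX_MEMBERS:
                return SUSPICIOUS, "too many members"
            if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
                return SUSPICIOUS, "declared size over limit"
            for info in infos:
                # zipfile stops at the declared size and verifies the CRC-32,
                # raising BadZipFile on a mismatch.
                data = zf.read(info)
                if member_is_malicious(data):
                    return SUSPICIOUS, f"signature match in {info.filename!r}"
    except Exception as exc:  # deliberate catch-all: fail closed
        log.warning("archive could not be processed: %r", exc)
        return SUSPICIOUS, f"unparseable archive: {type(exc).__name__}"
    return CLEAN, "all members scanned"
```

In a scanner written in C or C++, a crash (#2) is not a catchable exception, so the same policy has to be enforced by a supervising process that treats an abnormal parser exit as a finding.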

  5. Hrm by Shadow-isoHunt · · Score: 5, Informative
    --
    www.isoHunt.com