Slashdot Mirror


Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others (softpedia.com)

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

34 comments

  1. Block Windows Update? by Anonymous Coward · · Score: 1, Interesting

    Thank you hackers!!!

  2. Windows Update by Anonymous Coward · · Score: 0

    Seems to be under a great amount of suspicion lately. I have no problem with some of the more trusted virus-scan vendors flagging various Windows updates as malicious software.

    MS pushed out three very suspicious updates recently related to so-called "telemetry".

    If I added *telemetry* to my software, I would be flagged as a phone-home spyware vendor in no time, and rightfully so.

    But if a corporation does this, it's for the benefit of the "consumer" -- i.e. the person that was called a "customer" prior to Windows 98.

    Telemetry is for experimental aviation and aerospace. It's **NOT** for my phone or personal computer.

    1. Re:Windows Update by aaaaaaargh! · · Score: 4, Funny

      I just flagged gwx.exe as malware in my anti-virus and it works like a charm. Whenever it shows up, it's quarantined and the software makes a full scan. Very convenient.

    2. Re:Windows Update by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Would anyone care to explain the funny in the comment above, for those of us who don't use Windows?

    3. Re:Windows Update by jbrown.za · · Score: 1

      It's the "utility" that helps users install Windows 10 ...

    4. Re:Windows Update by cfalcon · · Score: 1

      Forgot quotes around "help".

    5. Re:Windows Update by Anonymous Coward · · Score: 1

      I just flagged gwx.exe as malware in my anti-virus and it works like a charm. Whenever it shows up, it's quarantined and the software makes a full scan. Very convenient.

      How do you get any work done with your computer constantly running virus scans, though?

    6. Re:Windows Update by Anonymous Coward · · Score: 0

      If I am right it's a little piece of adware that nagged users to upgrade to Windows 10 when it was an untested mess. It still sits in my taskbar and cannot be removed by conventional means - at least it seems to be silent now.

  3. Please, it is getting old.... by benjymouse · · Score: 2, Informative

    The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

    If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

    https://support.microsoft.com/...

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*

    1. Re:Please, it is getting old.... by Anonymous Coward · · Score: 0

      Let me guess, by your (c)copious use(R) of words such as "experience"(tm), you hold a Masters of Business of Administration(R) degree from a prestigious(c) institution such as the (c)Massachusetts Institute of mail-order(tm) Business Administration(tm)(R)(U)?

    2. Re:Please, it is getting old.... by Anonymous Coward · · Score: 0

      You forgot one brah. There's K (no circle) which means Kosher, for Passover.

    3. Re:Please, it is getting old.... by Anonymous Coward · · Score: 0

      Does the *average person* ___UNDERSTAND___ what accepting "CEIP" means.???

      I doubt that.

      My father is a bona-fide genius, but he's not a lawyer, and I doubt he could parse some click-through agreement in any meaningful time frame without the assistance of an attorney at considerable expense to himself and our family.

      Something is seriously fucked up with this whole system...???

    4. Re:Please, it is getting old.... by Anonymous Coward · · Score: 3, Insightful

      Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

      I do not believe you.

    5. Re:Please, it is getting old.... by viperidaenz · · Score: 1

      How else would a "customer experience improvement program" work, if not by sending customer experience data to Microsoft?

    6. Re:Please, it is getting old.... by ArsenneLupin · · Score: 1

      How else would a "customer experience improvement program" work, if not by sending customer experience data to Microsoft?

      But would a computer illiterate person know that? Or, for that matter, would they even read the text of the question, or just mechanically click yes?

      Btw, here at work, we have come across a Win 7 box where this service was indeed enabled, without anybody having clicked anything. Sure, it can be disabled again after the fact, but for that you first have to know about it...

    7. Re:Please, it is getting old.... by viperidaenz · · Score: 1

      I assume you work at a very small company.

      Otherwise someone in IT would have had to approve the update via WSUS and configure the setting to turn it on.
      The only other way for it to happen would be for a user with admin rights to do it.

    8. Re:Please, it is getting old.... by ArsenneLupin · · Score: 1

      It is indeed a rather small structure (not a company, but a public administration). I'll have to ask more details from the guy who discovered it...

    9. Re:Please, it is getting old.... by drinkypoo · · Score: 2

      The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      Since Windows is closed-source, and Microsoft has enabled spying features in their products without asking in the past, and you cannot in fact disable all the telemetry in Windows 10 even by checking all the options which claim to do so, there is not only no reason for the user to take Microsoft at their word, but in fact when Microsoft claims that they are not collecting data the onus is on them to prove it. They have acted in bad faith in the past, and I expect them to do so in both the present and future. To expect otherwise is to ignore the lessons of history. Those who ignore the lessons of history are doomed to repeat them — the rest of us will point and laugh at you.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    10. Re:Please, it is getting old.... by Ol+Olsoc · · Score: 1

      The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      All you have to do is believe that bit of pie in the sky.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.

    11. Re:Please, it is getting old.... by Anonymous Coward · · Score: 0

      Since Windows is closed-source,

      Yawn. You don't have to look at the source. Nobody in their right mind ever looks at millions of lines of code to understand what an OS is doing in its entirety. You can look at the network packets and go from there. Now, since that requires some basic technical skills, you of course are incapable of doing it, but I'm sure there's someone out there who might.

      They have acted in bad faith in the past, and I expect them to do so in both the present and future

      Using that kindergarten logic, you can make any outlandish claim and justify it. Certainly trolls like you do take liberty with the truth, but then again, you don't claim to be fact based, so it's not really an issue. I pardon your stupidity.

      Those who ignore the lessons of history are doomed to repeat them — the rest of us will point and laugh at you.

      Speak for yourself. We haven't made you our spokesperson (indeed nobody would even think of making you one).

    12. Re:Please, it is getting old.... by drinkypoo · · Score: 1

      You can look at the network packets and go from there.

      Right, that's been done, we discussed it here on Slashdot.

      Now, since that requires some basic technical skills, you of course are incapable of doing it

      Big words from a coward who isn't even capable of looking back at prior discussions we had on this topic where, if you did so, you would find vindication for my statements.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

    13. Re:Please, it is getting old.... by Anonymous Coward · · Score: 0

      You are a liar.

      You defended your position by saying that you don't have to take MS at their word. Implying that your only reason for not believing them was your own prior bias and you "expect them" to do this. Not that you have proof. That is certainly understandable. After all, people still vote Republican. If you had "evidence" (which you don't) you would have just presented it.

      Right, that's been done, we discussed it here on Slashdot

      What's been "discussed" is the usual slashdot echo chamber of unsubstantiated "facts". It happens during every Windows release. And history proves you idiots wrong, every single time.

      To be fair, you idiots do this with other products as well, so it's not a purely anti-ms thing. It's an anti-intellectual thing. Apple and Google are also targeted by you fools.

      A real technical forum would just point to the exact bits in the code path that do all the things you crazies claim it does.

  4. LOL by rawtatoor · · Score: 1

    If you didn't already block Windows update already you're just going to hypnotize to death.

  5. Consumer... by Anonymous Coward · · Score: 0

    When I hear this, I think of some big fat shlub embedded into the couch crunching on potato chips.

  6. Windows update breaks often enough by snorris01 · · Score: 2

    I'm surprised you need malware to break Windows update. I can't count the number of times I've had to do something like delete the softwaredistribution folder to start getting updates again.

  7. Re:FRESH BRAND NEW CURRENT NEWS by Anonymous Coward · · Score: 0, Troll

    Subject: Please, it is getting old...

    Oy vey benjy it's CURRENT. It is absolutely brand new and right now... and according to Microsoft it is perpetual. This is the "Last Windows". And it is intentional. Trying to sweep lies under the rug makes you look like full shill.

    If no Microsoft then no Kaspersky. They feed on this weak operating system to survive. It is not an "attack" if it blocks your Windows Updates, it is a gift.

    This story is shill. Read these while benjy does bagels.

    http://arstechnica.com/information-technology/2015/08/microsoft-has-no-plans-to-tell-us-whats-in-windows-patches/
    http://arstechnica.com/information-technology/2015/09/leaks-show-that-microsoft-writes-release-notes-so-why-cant-it-publish-them/

    https://www.gnu.org/proprietary/malware-microsoft.html
    http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/
    http://www.networkworld.com/article/2956574/microsoft-subnet/windows-10-privacy-spyware-settings-user-agreement.html

    http://www.technobuffalo.com/2013/08/22/nsa-windows-8-exploit/
    http://www.technobuffalo.com/2013/07/11/microsoft-gave-the-nsa-direct-backdoor-access-to-outlook-skype/
    http://winsupersite.com/windows-10/how-stop-windows-10-upgrade-downloading-your-system
    http://www.extremetech.com/computing/195592-with-windows-10-microsoft-could-move-to-a-subscription-based-model
    http://www.extremetech.com/computing/205320-microsoft-windows-10-will-be-the-last-version-of-windows
    https://www.youtube.com/watch?v=5GU5uv28a3I
    http://techrights.org/2015/07/31/vista-10-anticompetitive/
    https://www.youtube.com/watch?v=wwRYyWn7BEo
    https://www.youtube.com/watch?v=Gghj03J_ri0
    http://localghost.org/posts/a-traffic-analysis-of-windows-10
    http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/

    THESE
    https://gitlab.com/windowslies/blockwindows
    ^(have to uncomment the #'s on two url's in the hosts file per latest change)
    https://senk9.wordpress.com/checklists/windows-10-privacy-checklist/

    The YouTube video above that is gone now, was gone within days. It was a guy here on Slashdot who wiresharked (packet sniffed) all the data Microsoft was collecting with Windows 10 and filmed it and posted it on YouTube. It was removed. Gee, wonder why? The gitlab link above... you should use the hosts file if you use Windows at all... put it where you goes... but note: uncomment the two URL's with the "#'s". Those mysteriously appeared recently. It's highly likely that if you rely on that hosts file while the update url's are commented out, you get snuck some code. The URL's were only commented out with #'s in the most recent update.

    This bullshit is an unprecedented global backstab in the history of Earth. You should be using Linux. If you are using Mac it's just a matter of time, enjoy your walled garden. distrowatch.com

    "Customer Experience Improvement Program" (CEIP) derp.

    It's a monolithic crashware OS put out by a company that weaseled billions in cash by every deceitful business practice you can think of. They make gypsies look like amateurs. Oh, can't blame Bill right? He's just out doing philanthropy and working on toilets in Africa. gmab

    Linux does every single thing better... and more of it. And you can use it when you want how you want and as many times as you want... do any and everything you want. Way more Internet stuff, way more multimedia stuff, Office stuff that works great and you don't have to pay an annual subscription, way more everything. Print out Microsoft's "license" and "privacy agreement" and burn them, or just save paper.

  8. Re:FRESH BRAND NEW CURRENT NEWS by cavreader · · Score: 1

    Users don't care about operating systems they care about running applications. "This bullshit is an unprecedented global backstab in the history of Earth" Evidently you know absolutely nothing about the history of Earth. And your comments also make you look mentally incapable of understanding the pros and cons of the various operating systems.

  9. Good links to stories about Windows being malware. by Anonymous Coward · · Score: 0

    Excellent links. I guess Microsoft employees modded it down.

  10. Re:FRESH BRAND NEW CURRENT NEWS by Anonymous Coward · · Score: 0

    Users don't care about operating systems they care about running applications.

    Users care about both you punk ass shill. 97% of the globe's supercomputers run on Linux. Amazon certainly cares, they only run Linux. Google runs on Linux. Android is Linux. The International Space Station runs on Linux. This website runs on Linux. Basically all big websites run on Linux. Akamai, Cloudfront, name it. Even fucking www.microsoft.com and www.apple.com run on Linux. freebsd.org? Runs on FreeBSD. Why? It's also cool and has been for decades. Any Linux or BSD that distributed even 1% of the GLOBAL MOTHER FUCKING BACK STAB SPYWARE that is in Windows 10 would be blacklisted, rejected, and shit on forever. When you break trust your ass is done.

    "This bullshit is an unprecedented global backstab in the history of Earth" Evidently you know absolutely nothing about the history of Earth.

    Feel free to cite every other global backstab in the history of Earth and make comparisons with this one. What you will find is this is unprecedented you piece of shit shill.

    And your comments also make you look mentally incapable of understanding the pros and cons of the various operating systems.

    Let's see, I started before 8 bit. Used every 8 bit extensively. I've used every Microsuck OS since Xenix, including Xenix, except Millennium and 10.. I've used the majority (>50%) of all Linux distros... I use BSD, I've multi-booted Solaris x86 for years in the past... compiled on all of them kernels worlds apps name it... umm.. what have you done besides suck some shill dick? I assure you my intellect and experience make you look like a cabbage patch shill.

    Windows 10 is global mother fucking spyware bitch. The OS is a BACK STAB. Fact check it. Deal with it punk. Fuck all you shills.

  11. Re:Good links to stories about Windows being malwa by Anonymous Coward · · Score: 0

    Like any hoe... the shills say fuck it to what's right for the sake of money. Fuck 'em. Share those links. You may also want to watch your network traffic by IP address. Firewall by IP address every time Microsoft wants to let themselves talk to your device. Redmond connections, etc.

  12. Comment Subject: by WallyL · · Score: 1

    I would love to block Windows Update! Where do I sign up?

  13. Re:FRESH BRAND NEW CURRENT NEWS by cavreader · · Score: 1

    Although I hate to date myself I have been employed for 28 years in IT. There isn't an OS in existence that I have not worked on in my career. Judging by your "backstabbing" comments you must be around 12 years old give or take a few years. Evangelizing an OS to the exclusion of all others has no place in the professional IT environment. And I wasn't shilling for MS I was remarking that your average users do not care about their OS they care about running applications. And Linux does have a heavy presence in the data center and in other back end web server roles but so does MS. The MS versus Linux battle boils down to selecting the OS that best fits the situation you are working on.

  14. Re:FRESH BRAND NEW CURRENT NEWS by Anonymous Coward · · Score: 0

    Although I hate to date myself I have been employed for 28 years in IT.

    Sure you did.

    There isn't an OS in existence that I have not worked on in my career.

    Uh huh. Where were you running BeOS and Darwin in the Enterprise too? That's how you got so 1337?

    Judging by your "backstabbing" comments you must be around 12 years old give or take a few years.

    Sure thing mythical IT pops. I have used Microsoft shit since Xenix came out. I guess there goes your 12 year old theories but how could you ever be wrong though?

    Evangelizing an OS to the exclusion of all others has no place in the professional IT environment.

    You don't understand what evangelizing even means. Saying use all except 1 is not the same as saying use 1 and no other. Back to your cubicle now thanks.

    And I wasn't shilling for MS I was remarking that your average users do not care about their OS they care about running applications.

    This is not merely false but a blatant lie. Everybody cares about their OS especially the average users. The savvy users can get by on all of them. I do. I just reject anti-trust companies pushing anti-trust malware. Cite something that disproves any of the above links. We can wait, I guess you can't because you are just that damn old lol. Better get on it. Also, people care about who their systems send data to, and what data. Try and refute that and you will double how ridiculous you already look. Not only is closed source stupid, especially from a company proven time and time again to not be trustworthy... but did you see the very first two links above? Microsoft won't tell you what's in the patches let alone show you the code. Go ahead old fucking IT guru for 28 years, tell us how this is smart. A company that just installs whatever code they want and don't even tell you. Can you buy a third fourth or fifth party anti-virus suite too? You sound stupid, sorry.

    And Linux does have a heavy presence in the data center and in other back end web server roles but so does MS.

    You must be so busy with those punch cards and soldering your Amiga that you haven't paid attention to who is running on Linux now. Practically all of cyberspace. Even outer space. The International Space Station switched and sure sure sure.. it could use either, right. Or even others. But why did they change? Why did they change to Linux? Amazon aws... Akamai.. all the cdn's... name it. NASA. 97%+ of the supercomputers globally.

    Desktop Linux and Desktop BSD are great right now too. I use both and both have been great for years. Nothing in Windows is impressive whatsoever. I mean nothing. Zero. Anything cool on a desktop comes from Linux/Android/BSD worlds already. Windows is around basically for a couple games and adblock-to-the-max NoScript Firefox. That's what update-blocked hosts-filed Windows 7/8.x are worth right now. Windows 10 should be illegal to sell on OEM PC's. Since they tell you in a long story "privacy agreement", it's legal. It is not moral. If any Linux or BSD had 1% of Microsoft's new spyware tricks, it would be blacklisted and rejected forever.

    http://www.computerweekly.com/blogs/open-source-insider/2013/05/international-space-station-adopts-debian-linux-drop-windows-red-hat-into-airlock.html

    The MS versus Linux battle boils down to selecting the OS that best fits the situation you are working on.

    That is how it used to go before Windows 10 (Microsoft declares it their final OS). Sort of. It has been use Linux but keep Microsoft around for games for many years already on the desktop. You use both. You don't have to pick only one. But Microsoft has made SO MANY FANCY ATTEMPTS to keep people using Windows. It's a long list but if you are Mr. IT 28-years-guru you know when you could finall