Slashdot Mirror


Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others (softpedia.com)

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

20 of 34 comments

  1. Block Windows Update? by Anonymous Coward · · Score: 1, Interesting

    Thank you hackers!!!

  2. Re:Windows Update by aaaaaaargh! · · Score: 4, Funny

    I just flagged gwx.exe as malware in my anti-virus and it works like a charm. Whenever it shows up, it's quarantined and the software makes a full scan. Very convenient.

  3. Please, it is getting old.... by benjymouse · · Score: 2, Informative

    The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

    If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

    https://support.microsoft.com/...

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:Please, it is getting old.... by Anonymous Coward · · Score: 3, Insightful

      Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

      I do not believe you.

    2. Re:Please, it is getting old.... by viperidaenz · · Score: 1

      How else would a "customer experience improvement program" work, if not by sending customer experience data to Microsoft?

    3. Re:Please, it is getting old.... by ArsenneLupin · · Score: 1

      How else would a "customer experience improvement program" work, if not by sending customer experience data to Microsoft?

      But would a computer illiterate person know that? Or, for that matter, would they even read the text of the question, or just mechanically click yes?

      Btw, here at work, we have come across a Win 7 box where this service was indeed enabled, without anybody having clicked anything. Sure, it can be disabled again after the fact, but for that you first have to know about it...

    4. Re:Please, it is getting old.... by viperidaenz · · Score: 1

      I assume you work at a very small company.

      Otherwise someone in IT would have had to approve the update via WSUS and configure the setting to turn it on.
      The only other way for it to happen would be for a user with admin rights to do it.

    5. Re:Please, it is getting old.... by ArsenneLupin · · Score: 1

      It is indeed a rather small structure (not a company, but a public administration). I'll have to ask more details from the guy who discovered it...

    6. Re:Please, it is getting old.... by drinkypoo · · Score: 2

      The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      Since Windows is closed-source, and Microsoft has enabled spying features in their products without asking in the past, and you cannot in fact disable all the telemetry in Windows 10 even by checking all the options which claim to do so, there is not only no reason for the user to take Microsoft at their word, but in fact when Microsoft claims that they are not collecting data the onus is on them to prove it. They have acted in bad faith in the past, and I expect them to do so in both the present and future. To expect otherwise is to ignore the lessons of history. Those who ignore the lessons of history are doomed to repeat them — the rest of us will point and laugh at you.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re:Please, it is getting old.... by Ol+Olsoc · · Score: 1

      The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      All you have to do is believe that bit of pie in the sky.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Please, it is getting old.... by drinkypoo · · Score: 1

      You can look at the network packets and go from there.

      Right, that's been done, we discussed it here on Slashdot.

      Now, since that requires some basic technical skills, you of course are incapable of doing it

      Big words from a coward who isn't even capable of looking back at prior discussions we had on this topic where, if you did so, you would find vindication for my statements.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Windows Update by U2xhc2hkb3QgU3Vja3M · · Score: 1

    Would anyone care to explain the funny in the comment above, for those of us who don't use Windows?

  5. LOL by rawtatoor · · Score: 1

    If you didn't already block Windows update already you're just going to hypnotize to death.

  6. Re:Windows Update by jbrown.za · · Score: 1

    It's the "utility" that helps users install Windows 10 ...

  7. Re:Windows Update by cfalcon · · Score: 1

    Forgot quotes around "help".

  8. Windows update breaks often enough by snorris01 · · Score: 2

    I'm surprised you need malware to break Windows Update. I can't count the number of times I've had to do something like delete the softwaredistribution folder to start getting updates again.

  9. Re:Windows Update by Anonymous Coward · · Score: 1

    I just flagged gwx.exe as malware in my anti-virus and it works like a charm. Whenever it shows up, it's quarantined and the software makes a full scan. Very convenient.

    How do you get any work done with your computer constantly running virus scans, though?

  10. Re:FRESH BRAND NEW CURRENT NEWS by cavreader · · Score: 1

    Users don't care about operating systems; they care about running applications. "This bullshit is an unprecedented global backstab in the history of Earth" Evidently you know absolutely nothing about the history of Earth. And your comments also make you look mentally incapable of understanding the pros and cons of the various operating systems.

  11. Comment Subject: by WallyL · · Score: 1

    I would love to block Windows Update! Where do I sign up?

  12. Re:FRESH BRAND NEW CURRENT NEWS by cavreader · · Score: 1

    Although I hate to date myself I have been employed for 28 years in IT. There isn't an OS in existence that I have not worked on in my career. Judging by your "backstabbing" comments you must be around 12 years old give or take a few years. Evangelizing an OS to the exclusion of all others has no place in the professional IT environment. And I wasn't shilling for MS I was remarking that your average users do not care about their OS they care about running applications. And Linux does have a heavy presence in the data center and in other back end web server roles but so does MS. The MS versus Linux battle boils down to selecting the OS that best fits the situation you are working on.