Slashdot Mirror


Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others (softpedia.com)

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

5 of 34 comments

  1. Re:Windows Update by aaaaaaargh! · · Score: 4, Funny

    I just flagged gwx.exe as malware in my anti-virus and it works like a charm. Whenever it shows up, it's quarantined and the software makes a full scan. Very convenient.

  2. Please, it is getting old.... by benjymouse · · Score: 2, Informative

    The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

    If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

    https://support.microsoft.com/...

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:Please, it is getting old.... by Anonymous Coward · · Score: 3, Insightful

      Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      If you have not activated CEIP, the updates will not cause any information to be sent back to Microsoft. It is that simple.

      I do not believe you.

    2. Re:Please, it is getting old.... by drinkypoo · · Score: 2

      The updates to telemetry do not suddenly cause Windows to start sending information back to Microsoft. Only when the user has explicitly accepted CEIP (Customer Experience Improvement Program) will these updates have any effect on a system.

      Since Windows is closed-source, and Microsoft has enabled spying features in their products without asking in the past, and you cannot in fact disable all the telemetry in Windows 10 even by checking all the options which claim to do so, there is not only no reason for the user to take Microsoft at their word, but in fact when Microsoft claims that they are not collecting data the onus is on them to prove it. They have acted in bad faith in the past, and I expect them to do so in both the present and future. To expect otherwise is to ignore the lessons of history. Those who ignore the lessons of history are doomed to repeat them — the rest of us will point and laugh at you.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Windows update breaks often enough by snorris01 · · Score: 2

    I'm surprised you need malware to break Windows update. I can't count the number of times I've had to do something like delete the softwaredistribution folder to start getting updates again.