OK, so if I'm reading this right, it comes down to: You can pwn Kaspersky's AV if you've already pwned the machine?
Flaws have been found and fixed in Kaspersky Lab's security software for cash machines and other embedded systems. Hackers can exploit the bugs to circumvent anti-malware defenses in ATMs. Although Kaspersky responded promptly to the discovery and developed and released a patch, one wonders how long it will take for the …
Thursday 13th July 2017 20:11 GMT hellwig
If it's too hard, why bother?
When this time interval runs out, the program is started anyway.
Sounds like someone made a trade-off between user experience and security. Who let the sales people into the meeting on security?
This is a one-shot attack because the hashing process is not halted, and the system caches signatures. Therefore, the next time that executable is started, Kaspersky's software will be able to immediately realize the file is bad and stop it.
So, the last thing your application should do is rename and reinstall itself?
I'm less worried about Kaspersky's ties to the Russian government and more about their QA and verification procedures.
Thursday 13th July 2017 23:12 GMT Stevie
Re: If it's too hard, why bother?
I used to regularly have to explain the facts of life to database programmers who coded "check error return status and plough on regardless" every furging time.
Got to the point that when programmers turned up claiming a database issue I would offer to give them ten dollars if that turned out to be the case, and if they agreed to pay me one dollar for every code logic error I could spot in their blither. Not one taker, usually because I'd glance at page one and say "you should know you are already three bux in the hole" or somesuch.
Friday 14th July 2017 10:18 GMT Anonymous Coward
Security prog borks on large files
"When this program is started, the system computes its hash and checks this against a list of approved signatures to decide whether to allow or block the execution. With a large file, the process takes longer than the time allotted for verification. When this time interval runs out, the program is started anyway."
This would never have happened if they used industry standard commercial software from Microsoft.
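The mechanism quoted in this post and in hellwig's post above (hash the executable, compare against an allowlist, and if the budget runs out let it run anyway while the hash completes in the background and is cached) can be modelled in a few lines. The following is an added illustration, not code from Kaspersky or from the article: the `AllowlistVerifier` class, the `FakeClock` that charges a fixed cost per chunk so the run is deterministic, and the sample "executables" are all constructed here. It shows the fail-open behaviour the article describes next to a fail-closed alternative, and why the second run of the same file is blocked in both modes.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

CHUNK = 64 * 1024  # hash the file in 64 KiB chunks


class FakeClock:
    """Deterministic clock (constructed for this example): hashing one
    chunk costs a fixed number of milliseconds, so no wall time is used."""

    def __init__(self, cost_per_chunk_ms: int) -> None:
        self.now_ms = 0
        self.cost_per_chunk_ms = cost_per_chunk_ms

    def tick(self) -> None:
        self.now_ms += self.cost_per_chunk_ms


@dataclass
class AllowlistVerifier:
    allowlist: Set[str]            # hex SHA-256 of approved executables
    budget_ms: int                 # time allotted for verification
    fail_open: bool                # True = the behaviour described in the article
    clock: FakeClock
    # Verdict cache, keyed by path only. A renamed copy therefore gets a
    # fresh (slow) verification; a production cache should key on content
    # identity (e.g. inode plus size and mtime) rather than the name.
    cache: Dict[str, str] = field(default_factory=dict)

    def _sha256(self, data: bytes, start_ms: int) -> Tuple[str, bool]:
        """Hash in chunks and report whether the budget expired on the way.
        Hashing is never halted on timeout, so a digest is always produced
        and can be cached for the next launch."""
        h = hashlib.sha256()
        timed_out = False
        for off in range(0, len(data), CHUNK):
            h.update(data[off:off + CHUNK])
            self.clock.tick()
            if self.clock.now_ms - start_ms > self.budget_ms:
                timed_out = True
        return h.hexdigest(), timed_out

    def check(self, path: str, data: bytes) -> Tuple[str, str]:
        """Return (verdict, reason); verdict is 'allow' or 'block'."""
        if path in self.cache:  # second launch: verdict is immediate
            digest = self.cache[path]
            return ("allow" if digest in self.allowlist else "block", "cached")
        digest, timed_out = self._sha256(data, self.clock.now_ms)
        self.cache[path] = digest
        if timed_out:
            if self.fail_open:
                return ("allow", "timeout-fail-open")   # the flaw: unknown file runs once
            return ("block", "timeout-fail-closed")     # safer: hold until verified
        return ("allow" if digest in self.allowlist else "block", "verified")


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Run the same three launches under both policies (constructed inputs)."""
    approved = b"\x00" * (CHUNK * 2)       # small file, 2 chunks, on the allowlist
    big_unknown = b"\x01" * (CHUNK * 10)   # large file, 10 chunks, not allowlisted
    allowlist = {hashlib.sha256(approved).hexdigest()}
    results: Dict[str, List[Tuple[str, str]]] = {}
    for fail_open in (True, False):
        v = AllowlistVerifier(allowlist, budget_ms=500, fail_open=fail_open,
                              clock=FakeClock(cost_per_chunk_ms=100))
        results["fail_open" if fail_open else "fail_closed"] = [
            v.check("approved.exe", approved),      # 200 ms: verified in time
            v.check("big.exe", big_unknown),        # 1000 ms: budget expires
            v.check("big.exe", big_unknown),        # cached digest, immediate block
        ]
    return results


if __name__ == "__main__":
    for mode, verdicts in demo().items():
        print(mode, verdicts)
```

The only line that differs between the two policies is what `check` returns when `timed_out` is set; everything else, including the cache that makes the second launch a one-shot, is the same. The fail-closed variant trades the start-up delay on large binaries for never executing a file whose hash has not yet been compared against the allowlist.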
Friday 14th July 2017 14:58 GMT Flakk