
So they will run any cmd.exe / regedit.exe if the file is in the same folder ... not good, should not be hard to fix, right? Where is the patch?
A flaw in the Trend Micro Anti-Threat Toolkit can be exploited by hackers to run malware on victims' Windows computers. Bug-hunter John "hyp3rlinx" Page took credit for uncovering CVE-2019-9491, an arbitrary code execution flaw in the security tool. In short, the Trend software can be tricked into executing any old piece of …
Locations, probably yes. Those haven't changed since NT4, as far as I remember.
Checking the size is pointless. If an attacker has overwritten the files in their canonical locations, it's already Game Over. The attacker has scope to cause all sorts of damage.
What Trend should do is check the signature, except cmd.exe and regedit.exe aren't signed, just like most of the software Microsoft ships. I have no idea why not; they promote Authenticode to VARs and provide (admittedly clumsy) tooling for it. There have been problems in the past with expiring signatures, but Authenticode has supported timestamping for years. And some MS binaries are signed - like the debuggers in the Debugging Tools for Windows package.
Or, better, anti-malware software shouldn't execute cmd.exe and regedit.exe. Why the hell does it do either of those things? Looks like injection vulnerabilities just waiting to be found.
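The two fixes the comments above argue over, an absolute path instead of a bare name and a signature check on the target, written out as an added PowerShell example. This is not Trend Micro's code and nothing here is taken from the toolkit; the function name Get-TrustedSystemBinary and the choice of System32 as the only acceptable location are assumptions for the example. The point it makes concrete: a bare name like 'cmd.exe' is resolved through the process search order, which looks in the application's own directory and the current directory before the system directory, so a planted copy next to the tool wins; pinning the path removes that, and Get-AuthenticodeSignature on the pinned file (which validates catalog signatures as well as embedded ones) plus a signer check catches a file that has been replaced in place.

```powershell
# Added example (not the toolkit's code): resolve a Windows system tool by
# absolute path and require a valid Microsoft Authenticode signature before
# launching it. Function name and the System32-only policy are assumptions.
function Get-TrustedSystemBinary {
    param(
        [Parameter(Mandatory)] [string] $Name,   # e.g. 'cmd.exe' or 'regedit.exe'
        [string] $SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    # Never rely on the process search order: a bare name is looked up in the
    # application directory and the current directory before System32, which
    # is exactly how a cmd.exe dropped next to the tool gets executed.
    $path = Join-Path $SystemDir $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Expected system binary not found: $path"
    }

    # Checking the size would tell us nothing; check the signature instead.
    # Status is 'Valid' for embedded and catalog signatures alike.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to run $path : signature status is $($sig.Status)"
    }

    # A valid signature from anyone is not enough; pin the expected signer.
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to run $path : unexpected signer $($sig.SignerCertificate.Subject)"
    }

    return $path
}

# Vulnerable pattern (as described in the thread): bare name, resolved via
# the search order, so a same-folder cmd.exe takes precedence.
#   Start-Process 'cmd.exe' -ArgumentList '/c', 'whoami'

# Hardened pattern: absolute, signature-checked path, arguments passed as a
# list rather than spliced into a command string.
$cmd = Get-TrustedSystemBinary -Name 'cmd.exe'
Start-Process -FilePath $cmd -ArgumentList '/c', 'whoami' -NoNewWindow -Wait
```

The check and the launch are not atomic, so this does not defend against an attacker who can already overwrite files under System32 between the two calls; as one commenter notes, that attacker has won regardless. What it does close is the much cheaper attack of dropping a file into a folder the tool happens to search first.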
Is this where you tell us "Macs don't get viruses"?
EVERY OS has vulnerabilities, and every OS can have malicious files run on them. Not even air-gapped industrial control networks are safe, as Stuxnet proved. For the average user, antimalware is a requirement... unless you like just wiping your computer every few months because it got infected, again.
There is a big difference between "every OS can have malicious files run on them" and "every OS is likely to have malicious files run on them by a remote attacker".
My personal systems have been connected to the TCP/IP version of TehIntraWebTubes with un*x-type OSes since Flag Day with no issues. That's every minute of every day since midnight on January 1st, 1983. (The Morris Worm affected systems at work that I was not allowed to lock down until after the fact. My home systems were unaffected. That's as close as I've ever come to being infected.)
Anti-malware is snake-oil sold to users of insecure-by-design operating systems. Have you not noticed that it so very frequently fails? Ever ask yourself why?
To answer your question, I don't generally use Apple anything ... but the one Apple machine here looks more like a proper BSD than the bastardized kludge that is shipped by Cupertino.
I stand corrected. A pint being the usual wager around here, have a beer.
(I think I still have a couple each of the 1650, 1660 and 1670 modems for a C64 floating around here somewhere ... Odd the things you pick up over the years. Odder still the things you hang onto for no apparent reason.)
My mom and aging great-aunt have been using the Slackware distribution of Linux for years ... and haven't had any malware problems the entire time, with zero anti-malware software running. Both are functionally computer illiterate. I could have put them on BSD instead; the interface that they interact with would look and act the same on either OS.
Anti-malware is snake-oil sold to users of insecure-by-design operating systems. Have you not noticed that it so very frequently fails? Ever ask yourself why?
Durr. I'm going to go ahead and answer your question by saying that, unlike you, the malware scene isn't frozen in time and is constantly evolving - hence the need for updates, patches and bugfixes.
In this particular case, from what I can see ATTK is a free support tool and not an antivirus product in itself. The snake-oil sold to users is where exactly??
So what? It's not only zero-days you should fear - which may not be trapped by an AV anyway - there's a lot of malware you have to trap before it gets executed, including those targeting unpatched applications, and then hinder their attempts to expand the attack, often using tools that aren't malware per se but can be used as such, and an AV can identify and warn the user.
Sure, just ask Equifax...
Who needs malware when your username/password is admin/admin ?