MS Anti-Spyware: Norton Antivirus is a trojan!

[mobrien_12]

http://it.slashdot.org/it/06/02/11/2259232.shtml

http://blog.washingtonpost.com/securityfix/2006/02/microsoft_antispyware_deleting_1.html

Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it

Brilliant, MS.  Can you imagine how many headaches this is going to cause the windoids?

[Orethrius]

http://it.slashdot.org/comments.pl?sid=177101&cid=14696745

I think that comment says an awful lot.  

[H_TeXMeX_H]

Notron is shit anyway ... it has tons of bugs and security holes (or it did ... somehow I don't think they really fixed them or new ones came up)

[Jack2000]

Norton sux
but that does not excuse
M$ for SHARKING again!

[Aloone_Jonez]

Firstly all anti-virus sortware is shit and I'm sick and tired of people believing the myth that it's the best way of securing thier system. No, using a limited account for the non-administrative activities offers a far greater level of protection than any bug ridden anti-virus program.

If you must use anti-virus then don't use more than one program at the same time. I strongly advise against using a memory resident scanner because it's a recource hog and also a cause of instability.

[Dark_Me]

I used Norton once. It was a system hog and ran scans at almost random intervals. The UI was also too complicated. Oviosly I uninstalled it.

[Pathos]

I wouldn't be surprised if MS is right

[mobrien_12]

I don't believe that running windows under a limited priveledge account is enough to protect you from virus infections.  OSX, Linux, BSD, yeah.  Windows, no.  

You run Windows regularly in the manner that most users do, you pretty much have to have an antivirus program, because Windows is such a piece of junk.

Yes, Antivirus software is bloated.  Yes, it is a resource hog.  Yes, it slows your system down.   Yes, it causes problems.  All reasons to use a secure operating system that doesn't need AV.  

Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security.  It's inexcusable, and pathetic, for one security band-aid to disable another.

[piratePenguin]

Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security.  It's inexcusable, and pathetic, for one security band-aid to disable another.

http://security.tombom.co.uk/shatter.html

This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible.

This paper is a step-by-step walkthrough of how to exploit one example of this class of flaw. Several other attack methods are discussed, although examples are not given. There are many ways to exploit these flaws, and many variations on each of the stages presented. This is just one example.

Does anyone know if MS has fixed that exploit since?

[muzzy]

The so called "Shatter" type of attack still works. It basically means that anything running on the same desktop can be owned. Windows isn't limited to single windowstation or single desktop, though, and I recall there's no similar vulnerability for jumping outside the desktop bounds.

There are more serious shatter-type attacks than described on the above paper, too. For example, common control header resize and size query can be used to write any data into target process memory without having VM privileges. Ouch!

So, this is an issue if you have gui applications running as admin on the user's desktop. For this reason, services nowadays run their GUI code with user privileges and communicate with the privileged code through pipes.

This issue is unfixable since the vulnerability exists by design, however it's contained to the software running in a single desktop. In multi-user windows environments different users have different desktops and even different windowstations and this isn't an issue. The secure desktop invoked through Ctrl-Alt-Del is unaffected and the gui stuff there cannot be taken over, same applies for screensavers. Except on w9x, ofcourse

[H_TeXMeX_H]

http://security.tombom.co.uk/shatter.html

Does anyone know if MS has fixed that exploit since?

Great article ... :thumbup: ... I suppose the exploit is not fixable, at least from the info I'm getting.

[muzzy]

Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.

[worker201]

Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.

That's going to be a long time in the future - I don't think Windows98, Windows2000, and WindowsXP are going anywhere.  The marginal benefits of upgrading aren't looking good so far.

[muzzy]

I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.

Win3.x and ms-dos are still used in many commercial settings, especially in systems that aren't networked. However, this is done for applications. For generic use, home users and commercial workstations, the w9x line is already in the past.

Also, there's .NET framework for current windows systems, which means people can move to .NET systems without changing their OS. The point is, when enough software is on .NET the underlying OS can be completely changed. The real question is, how much everyday software is going to move to the .NET platform and how soon?

The .NET framework has still some work to do, too. It's not very mature, you'll run into problems by trying to write even the simplest of applications. However, it's being worked on and in 2-4 years we'll have stable .NET platform with sensible APIs for writing real world applications. Another 2-4 years from that and microsoft will have ported their significant applications to .NET and by then we probably have stable GNU mono around as well.

Maybe

[worker201]

I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.

So sorry, but I believe you are quite mistaken.  I know lots of people who run Windows 98.  In 100% of those cases, it is because their computers couldn't handle a higher version, either because of poor processor power, or low RAM.  Mostly, these people use their computers for records-keeping and WalMart-software.  But they are still computer users.  And the marginal cost of buying a P3 with 256MB RAM is more than the marginal benefit of increased performance.  Relatively low income households, is what I am talking about here.

Admittedly, when I have to use (or more likely "fix") these people's computers, I feel all icky and wonder what the fuck they are doing with such a piece of shit.  But does that mean they should be totally written off when it comes to support and protection?  I don't think so.  
I am uninterested in denying the technologically underpriveleged the right to information.