Author Topic: MS Anti-Spyware: Norton Antivirus is a trojan!  (Read 4140 times)

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
MS Anti-Spyware: Norton Antivirus is a trojan!
« on: 12 February 2006, 02:20 »
http://it.slashdot.org/it/06/02/11/2259232.shtml

http://blog.washingtonpost.com/securityfix/2006/02/microsoft_antispyware_deleting_1.html

Quote

Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it


Brilliant, MS.  Can you imagine how many headaches this is going to cause the windoids?
In brightest day, in darkest night, no evil shall escape my sight....

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #1 on: 12 February 2006, 02:38 »
http://it.slashdot.org/comments.pl?sid=177101&cid=14696745

I think that comment says an awful lot.  ;)

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #2 on: 12 February 2006, 03:01 »
Notron is shit anyway ... it has tons of bugs and security holes (or it did ... somehow I don't think they really fixed them or new ones came up)

Jack2000

  • Guest
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #3 on: 12 February 2006, 12:32 »
Norton sux
but that does not excuse
M$ for SHARKING again!

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #4 on: 12 February 2006, 13:01 »
Firstly all anti-virus sortware is shit and I'm sick and tired of people believing the myth that it's the best way of securing thier system. No, using a limited account for the non-administrative activities offers a far greater level of protection than any bug ridden anti-virus program.

If you must use anti-virus then don't use more than one program at the same time. I strongly advise against using a memory resident scanner because it's a recource hog and also a cause of instability.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #5 on: 12 February 2006, 16:12 »
I used Norton once. It was a system hog and ran scans at almost random intervals. The UI was also too complicated. Oviosly I uninstalled it.
Capitalism kicks ass.
-Skyman
If your a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

Pathos

  • Member
  • **
  • Posts: 518
  • Kudos: 416
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #6 on: 13 February 2006, 05:14 »
I wouldn't be surprised if MS is right :P

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #7 on: 13 February 2006, 08:05 »
I don't believe that running windows under a limited priveledge account is enough to protect you from virus infections.  OSX, Linux, BSD, yeah.  Windows, no.  

You run Windows regularly in the manner that most users do, you pretty much have to have an antivirus program, because Windows is such a piece of junk.

Yes, Antivirus software is bloated.  Yes, it is a resource hog.  Yes, it slows your system down.   Yes, it causes problems.  All reasons to use a secure operating system that doesn't need AV.  

Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security.  It's inexcusable, and pathetic, for one security band-aid to disable another.
In brightest day, in darkest night, no evil shall escape my sight....

piratePenguin

  • VIP
  • Member
  • ***
  • Posts: 3,027
  • Kudos: 775
    • http://piratepenguin.is-a-geek.com/~declan/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #8 on: 13 February 2006, 16:48 »
Quote from: mobrien_12

Now most windows users need anti-spyware stuff too, again as a band aid for the Windows crappy security.  It's inexcusable, and pathetic, for one security band-aid to disable another.

http://security.tombom.co.uk/shatter.html
Quote
This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible.

This paper is a step-by-step walkthrough of how to exploit one example of this class of flaw. Several other attack methods are discussed, although examples are not given. There are many ways to exploit these flaws, and many variations on each of the stages presented. This is just one example.

Does anyone know if MS has fixed that exploit since?
"What you share with the world is what it keeps of you."
 - Noah And The Whale: Give a little love



a poem by my computer, Macintosh Vigilante
Macintosh amends a damned around the requested typewriter. Macintosh urges a scarce design. Macintosh postulates an autobiography. Macintosh tolls the solo variant. Why does a winter audience delay macintosh? The maker tosses macintosh. Beneath female suffers a double scum. How will a rat cube the heavier cricket? Macintosh calls a method. Can macintosh nest opposite the headache? Macintosh ties the wrong fairy. When can macintosh stem the land gang? Female aborts underneath macintosh. Inside macintosh waffles female. Next to macintosh worries a well.

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #9 on: 13 February 2006, 17:41 »
The so called "Shatter" type of attack still works. It basically means that anything running on the same desktop can be owned. Windows isn't limited to single windowstation or single desktop, though, and I recall there's no similar vulnerability for jumping outside the desktop bounds.

There are more serious shatter-type attacks than described on the above paper, too. For example, common control header resize and size query can be used to write any data into target process memory without having VM privileges. Ouch!

So, this is an issue if you have gui applications running as admin on the user's desktop. For this reason, services nowadays run their GUI code with user privileges and communicate with the privileged code through pipes.

This issue is unfixable since the vulnerability exists by design, however it's contained to the software running in a single desktop. In multi-user windows environments different users have different desktops and even different windowstations and this isn't an issue. The secure desktop invoked through Ctrl-Alt-Del is unaffected and the gui stuff there cannot be taken over, same applies for screensavers. Except on w9x, ofcourse :)

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #10 on: 13 February 2006, 20:31 »
Quote from: piratePenguin
http://security.tombom.co.uk/shatter.html

Does anyone know if MS has fixed that exploit since?

Great article ... :thumbup: ... I suppose the exploit is not fixable, at least from the info I'm getting.

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #11 on: 13 February 2006, 20:40 »
Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #12 on: 14 February 2006, 00:31 »
Quote from: muzzy
Yea, it cannot be fixed as long as win32 api is being used. However, as more and more applications move onto .NET, the whole win32 subsystem might become obsolete in the future. With that, its design flaws will also vanish into oblivion.

That's going to be a long time in the future - I don't think Windows98, Windows2000, and WindowsXP are going anywhere.  The marginal benefits of upgrading aren't looking good so far.

muzzy

  • Member
  • **
  • Posts: 391
  • Kudos: 409
    • http://muzzy.net/
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #13 on: 14 February 2006, 01:09 »
I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.

Win3.x and ms-dos are still used in many commercial settings, especially in systems that aren't networked. However, this is done for applications. For generic use, home users and commercial workstations, the w9x line is already in the past.

Also, there's .NET framework for current windows systems, which means people can move to .NET systems without changing their OS. The point is, when enough software is on .NET the underlying OS can be completely changed. The real question is, how much everyday software is going to move to the .NET platform and how soon?

The .NET framework has still some work to do, too. It's not very mature, you'll run into problems by trying to write even the simplest of applications. However, it's being worked on and in 2-4 years we'll have stable .NET platform with sensible APIs for writing real world applications. Another 2-4 years from that and microsoft will have ported their significant applications to .NET and by then we probably have stable GNU mono around as well.

Maybe :)

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
Re: MS Anti-Spyware: Norton Antivirus is a trojan!
« Reply #14 on: 14 February 2006, 02:42 »
Quote from: muzzy
I don't know anyone anymore who still runs win98 for any real purpose. Well, I think my sister might still use it on one system since she has hardware that doesn't have drivers for anything else. Or perhaps even she doesn't, not sure. The point is, win98 is basically gone already.


So sorry, but I believe you are quite mistaken.  I know lots of people who run Windows 98.  In 100% of those cases, it is because their computers couldn't handle a higher version, either because of poor processor power, or low RAM.  Mostly, these people use their computers for records-keeping and WalMart-software.  But they are still computer users.  And the marginal cost of buying a P3 with 256MB RAM is more than the marginal benefit of increased performance.  Relatively low income households, is what I am talking about here.

Admittedly, when I have to use (or more likely "fix") these people's computers, I feel all icky and wonder what the fuck they are doing with such a piece of shit.  But does that mean they should be totally written off when it comes to support and protection?  I don't think so.  
I am uninterested in denying the technologically underpriveleged the right to information.