gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
74991 Posts in 13106 Topics by 2620 Members - Latest Member: dak4482 December 08, 2016, 08:00:41 PM
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Google security researcher excoriates TrendMicro for critical AV defects
gfx
gfxgfx
 

Author Topic: Google security researcher excoriates TrendMicro for critical AV defects  (Read 139 times)

0 Members and 1 Guest are viewing this topic.

Quote
Antivirus provider TrendMicro has released an emergency product update that fixes critical defects that allow attackers to execute malicious code and to view contents of a password manager built in to the malware protection program. The release came after a Google security researcher publicly castigated a TrendMicro official for the threat.

Details of the flaws became public last week after Tavis Ormandy, a researcher with Google's Project Zero vulnerability research team, published a scathing critique disclosing the shortcomings. While the code execution vulnerabilities were contained in the password manager included with the antivirus package, they could be maliciously exploited even if end users never make use of the password feature. Those who did use it were also susceptible to hacks that allowed attackers to view hashed passwords and the plaintext Internet domains they belonged to.

"I don't even know what to say—how could you enable this thing *by default* on all your customer machines without getting an audit from a competent security consultant?" Ormandy wrote in an exchange with a TrendMicro official. "You need to come up with a plan for fixing this right now. Frankly, it also looks like you're exposing all the stored passwords to the internet, but let's worry about that screw up after you get the remote code execution under control."

http://arstechnica.com/security/2016/01/google-security-researcher-excoriates-trendmicro-for-critical-av-defects/

I don't think I've ever used a paid anti-virus, this just goes to show a pricetag doesn't give any more protection.
At the moment I use avast and a periodic online scan, I think I used pandasecurity last time.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Google security researcher excoriates TrendMicro for critical AV defects
 

gfxgfx
gfx
©2005-2016 WinMXWorld.com. All rights reserved.
SMF 2.0.12 | SMF © 2016, Simple Machines
Page created in 0.039 seconds with 22 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!