Can Avast support comment on when this vulnerability will be fixed:
http://www.securityfocus.com/bid/17158/info
TIA.
Regards
John
What a vague report that is!
I surmise from it that it relates to NTFS systems only (and is hosted on a site that likes to discredit Avast. It has Symantec logos on the page) and to Avast’s own def files only. Quite what the exploit for this permission changing would be is not clear.
That said, latest release notes for Avast don’t even mention this “issue”.
Please don’t surmise as facts are what are requested and required.
Security Focus is recognised as one of the main security sites out on the internet. It is a trusted source. As far as I know it has nothing to do with Symantec. Oops! Correction required as it is indeed owned by Symantec - see http://www.securityfocus.com/about for details. However, this doesn’t instantly discredit SecurityFocus as a credible source.
To say this is some conspiracy by another AV vendor is inappropriate and unhelpful. I’m an Avast advocate but I understand that no software is 100% secure and Avast is no different! I’d even go so far as to say that I’m completely and utterly anti-Symantec.
I receive a number of security newsletters from credible security sources and all of them are reporting this issue. Other security websites are also reporting the vulnerability:
http://secunia.com/advisories/19284/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1355
It does indeed look like a permissions problem in versions of Windows that use NTFS. Basically, it looks like Avast files can be replaced by malware, even if the user is running under limited privilege. This could be a very serious vulnerability if targeted by malware or viruses. It opens up an attack vector that could render Avast useless in the protection stakes or even worse replace it with a nasty!
I’d like some timescales for when this will be resolved so I know when my Avast customers will be safe.
Regards
John
See this post from a member of the avast team:
http://forum.avast.com/index.php?topic=19862.msg166865#msg166865
also see this post from the reporter of the problem:
http://forum.avast.com/index.php?topic=19862.msg166957#msg166957
I believe around that time the timescale for the next release was quoted as being “within a few weeks”.
Roundtrip, like Alanrf said… yes, there is this vulnerability that will be corrected in two - three weeks: next major update.
Hi roundtrip,
You could see about it yourself, using ShareEnum, here:
http://www.sysinternals.com/Utilities/ShareEnum.html
Like to hear what it finds there?
polonus
I would if I was running Avast on my laptop currently. It is running an evaluation copy of NOD32 ;).
Thanks for all the information, especially the link to the support forum thread.
Seems like a long timescale for a security vulnerability to be patched. There may well be malware written to take advantage of this in days!