NSA hacking Security Software, i.e. Avast

An internal 2010 presentation on the monitoring program, known as “Project CAMBERDADA,” mentions 23 foreign anti-virus firms apart from Kaspersky such as Avast, F-secure, and Check Point. Major American and British companies are excluded, such as McAfee, Symantec and Sophos.
http://appleinsider.com/articles/15/06/22/documents-show-nsa-gchq-launched-attacks-against-anti-virus-software-makers

This is not good. Do you have any info on this, as it names Avast directly?

Old news.
This has been known for years already.

Also see https://forum.avast.com/index.php?topic=19387.msg1226115#msg1226115 for more information and another link.

This by all accounts goes back as far as 2008 (as Eddy said, “This has been known for years already.”) and has been going on for years.

The slide only lists known AVs as potential targets… I guess it may be better to be on that list than to be missing (to be missing could imply there’s no need to target those, as they have already been dealt with) ;D

Anyway, I don’t see any need for “hacking” here (in the network sense)… if you want to check if a particular antivirus detects a specific virus or not, you can just install the product and scan your file. If you want to find out how it works, you can install it and spend a lot of time on reverse engineering the code; there’s no way to prevent that. Getting undetected virus samples? Come on, you crawl the web or monitor some mail servers and you’ll have plenty of them (plus, there’s sample exchange going on between antivirus companies, and law enforcement may be included, so you really don’t have to hack them all if you want the samples).

Of course I can’t rule out security issues in our, or any other product - that’s why we have the bug bounty program.

Hi SwampMonster,

Through this general message here: http://www.badphorm.co.uk/ you can read and understand how the general situation has worsened by a great extent over the years under the guise of “Upholding Imperial Security”.

In these respects the user position on the Interwebs has been totally and utterly eroded and brought back to a position of a sort of “click-cattle”, exclusively there to bring in greater revenue and being monitored to stay within the boundaries set out for them.

What you are referring to are just smoke-screens to lead away from the right interpretation of the overall situation, contrary to privacy and security as sides of the same medal.

polonus

P.S. A more practical tip is to use a good ad-blocker and a decent script blocker - like uBlock Origin (with particular subscriptions) and uMatrix, or NoScript and RequestPolicy extensions in Firefox.
Here is an example of a destination that I certainly would block, also in the light of what was reported in this thread:
uMatrix has prevented the following page from loading:
htxp://a.oix.net/services/invite?eorig=FgB4AcsoKSmw0tfPTczM0atMzMjP10vOz9UHAFvrB-Y.&tok=33Ezjb-8voik9V1LOgvdSQAB And then I would click to Go back!

Interesting background read: https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/

Damian

Just 4 days ago Google found a critical hole in the shadow stack of ESET AV.
This touches all the ESET Anti-Virus products. If a Google researcher can find this, an NSA re-engineer might have stumbled upon such a weakness earlier. In that case they sat on it and did not share the security implications with the world. This is just one example of how software could have been flawed to make monitoring an easier task. So privacy in a sense is non-existent, as things might look cosy, hug and snug on the front-end, but one does not know what parties have access to data you might not want to share.

polonus

Hi

The users of Avast must be aware that, unless they disabled it, their antivirus uses its own certificates to decrypt the HTTPS connections and “live” analyses their content. Check https://security.stackexchange.com/questions/73476/why-is-avast-web-mail-shield-root-listed-as-ca-for-google-com for example. Now, imagine what could be done by the NSA (or whoever) if they could also read these (decrypted) data… Just saying…

The decryption is done only locally, and every computer uses a different MitM certificate, randomly generated.
So to read that decrypted data, you need to have access to the computer, on quite a low level - and if that’s the case, it doesn’t matter if the traffic is decrypted or not (it is decrypted anyway a fraction of a second later, in the requesting program, with or without Avast).

Thank you, igor, for explaining and setting our minds at ease on this one. Avast is much better secured than, for instance, Bitdefender is for some of their services. After Lenovo’s Superfish debacle more and more users question security, but Avast does not have such a flaw.

polonus

And for all other claims, users could read here to learn the difference between truth and poisoning marketing :) Believe me, it’s very elucidative ;)