Vault 7 wikileaks docs hint cia could bypass 21 security products(Avast and AVG)

BeSecure · 2017-03-09T07:23:14.000Z

The list covers almost all major antivirus vendors, including Comodo, Avast, Kaspersky, AVG, ESET, Symantec, and others.
Bypass and exploit techniques were only listed for three vendors: F-Secure, Avira, and AVG (partial info).
https://www.bleepingcomputer.com/news/security/vault-7-wikileaks-docs-hint-cia-could-bypass-21-security-products/

TrueIndian · 2017-03-09T11:04:41.000Z

Be Secure post:1:

The list covers almost all major antivirus vendors, including Comodo, Avast, Kaspersky, AVG, ESET, Symantec, and others.
Bypass and exploit techniques were only listed for three vendors: F-Secure, Avira, and AVG (partial info).
https://www.bleepingcomputer.com/news/security/vault-7-wikileaks-docs-hint-cia-could-bypass-21-security-products/

I have read everything about the leaks and they yet haven’t mentioned any holes in avast as such.

And if you dig a bit you will find lot av vendors saying the holes were minor and some were years old.

Anyway Vlk (CTO) has explained it:
https://www.google.co.in/amp/sanfrancisco.cbslocal.com/2017/03/08/wikileaks-cia-documents-antivirus-software-reviews/amp/

system · 2017-03-10T06:53:51.000Z

yea . i found other security forum also discuss this hot topic

Eddy · 2017-03-10T08:07:17.000Z

I’ve read several of those articles at Wikileaks and only things I’ve seen are 2 year and older things that do not apply anymore.

system · 2017-03-10T12:53:40.000Z

Eddy post:4:

I’ve read several of those articles at Wikileaks and only things I’ve seen are 2 year and older things that do not apply anymore.

Two years from now you will read about today’s vulnerabilities being exploited!

bob3160 · 2017-03-11T00:50:59.000Z

John712 post:5:

Eddy post:4:

I’ve read several of those articles at Wikileaks and only things I’ve seen are 2 year and older things that do not apply anymore.

Two years from now you will read about today’s vulnerabilities being exploited!

So in 2 years we’ll find out who’s right.

Chim · 2017-03-11T02:19:01.000Z

John712 post:5:

Two years from now you will read about today’s vulnerabilities being exploited!

Exactly. Just because those OLD vulnerabilities in question have by now been fixed, it doesn’t mean new ones don’t exist. In fact, it’s pretty much a certainty that they do.

For example … Right now regular people, as evidenced by the discussions here in these forums, are finding a myriad of bugs in the current avast version — avast 17. Just imagine what a CIA could do! :o

bob3160 · 2017-03-11T13:46:39.000Z

Chim post:7:

John712 post:5:

Two years from now you will read about today’s vulnerabilities being exploited!

Exactly. Just because those OLD vulnerabilities in question have by now been fixed, it doesn’t mean new ones don’t exist. In fact, it’s pretty much a certainty that they do.

For example … Right now regular people, as evidenced by the discussions here in these forums, are finding a myriad of bugs in the current avast version — avast 17. Just imagine what a CIA could do! :o

Do about what ??? There first needs to be something that makes you vulnerable.

avastuser4118 · 2017-03-11T16:35:25.000Z

bob3160 post:8:

Chim post:7:

John712 post:5:

Two years from now you will read about today’s vulnerabilities being exploited!

Exactly. Just because those OLD vulnerabilities in question have by now been fixed, it doesn’t mean new ones don’t exist. In fact, it’s pretty much a certainty that they do.

For example … Right now regular people, as evidenced by the discussions here in these forums, are finding a myriad of bugs in the current avast version — avast 17. Just imagine what a CIA could do! :o

Do about what ??? There first needs to be something that makes you vulnerable.

And who really means, that they are better than we are?

TrueIndian · 2017-03-11T16:43:20.000Z

To be more accurate,the bugs reported to the forum are in regards to stability and other non-security related.

The bugs that CIA reports are old and need additional work to make them usable.Many antivirus firms dismissed the bugs by saying they were fixed long ago and the vulnerability was found in AVG not in avast and vlk already mentioned that it is not something that is major and would need additional work to get around AVG.But that wouldn’t be a issue considering the current state of AVG operations.

Chim · 2017-03-12T02:02:59.000Z

bob3160 post:8:

Do about what ??? There first needs to be something that makes you vulnerable.

My thinking / wondering out loud angle is: If there are this many bugs with seemingly regular aspects, or as TrueIndian put it, “stability and other non-security related” areas of avast, why would it be incomprehensible to accept the possibility that there can be vulnerabilities hidden away in some deep areas of avast and that as of yet, no one from avast and no one who frequents tech forums has happened upon them?

Example #1: If say a software like Windows (ALL versions to date) could somehow be designed and developed to where now it was possible to make it be absolutely 100% SAFE today and from this point on, there would have never been the need for the perennial Update Tuesday. True, not all updates are to fix vulnerabilities, but many are.

Example #2: Say you have hired a contractor to build you a house. You periodically go check out their work progress. Say you see various cases of unsatisfactory workmanship in areas that are easily obvious. Wouldn’t it make you wonder what workmanship is hidden behind the sheetrock in the walls and under the floor concrete, etc.? Just because we can’t see a problem, it doesn’t mean it isn’t there.

Example #3: Say your vehicle had some serious issue that necessitated a recall campaign to fix it 2 years ago. Just because that was an “old” issue and was fixed by the recall, that does not mean there cannot be another serious issue pop up that requires another recall next month or next year or in 2 years. Maybe even various more issues necessitating recalls.

Anyway, don’t worry. I like avast. I’m very happy with it. We can’t ignore though that it’s been said on these very forums time and again, " No anti-virus can find ALL malware."

Chim · 2017-03-12T02:14:40.000Z

=Snake= post:9:

And who really means, that they are better than we are?

We might not know for a fact that the CIA is better than the avast Devs … but we don’t know for a fact that they aren’t either.

And NOTHING is to say that the info that was leaked on WikiLeaks is complete as to what ALL they know about how to get around all the various anti-viruses. It could very well be just sample tidbits.

Heck, it could all be misdirection.

Anyway, that said, avast is great. I’m not gonna freak out by the WikiLeaks info and go searching for some other anti-virus.

RejZoR · 2017-03-12T06:05:49.000Z

They don’t say which versions. They might as well be talking about versions prior Behavior Shield, DeepScreen and avast!'s cloud. Because with all this, whatever they use, it’ll eventually come in front of a malware analyst. Or it’ll just be captured by the system automatically.

BeSecure · 2017-03-12T06:26:13.000Z

Intel Security (McAfee) Releases Rootkit Scanner Following Vault 7 CIA Leak
https://www.bleepingcomputer.com/news/security/intel-security-mcafee-releases-rootkit-scanner-following-vault-7-cia-leak/

Announcements