Author Topic: Vulnerabilities discovered by Rack911 Labs!  (Read 3195 times)

0 Members and 1 Guest are viewing this topic.

Offline fvmb

  • Full Member
  • ***
  • Posts: 117
  • Being a teacher implies that we stay learning!
Vulnerabilities discovered by Rack911 Labs!
« on: May 01, 2020, 01:44:15 PM »
Hi,

I would like to know by any avast staff. Is this is true?

And which vunerabilities are publicly disclosed?

And as this vunerabilities fixed somehow ?

https://www.gizchina.com/2020/04/27/these-28-popular-antiviruses-have-critical-security-vulnerabilities/

Kind Regards,
Filipe

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #1 on: May 01, 2020, 02:04:07 PM »
This is what I just received from Avast.
"The scenario described in the article does not apply to Avast or AVG Antivirus (free or paid) products
because checks performed by the Avast and AVG File Shield would detect and block the attack."
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline fvmb

  • Full Member
  • ***
  • Posts: 117
  • Being a teacher implies that we stay learning!
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #2 on: May 01, 2020, 03:00:38 PM »
This is what I just received from Avast.
"The scenario described in the article does not apply to Avast or AVG Antivirus (free or paid) products
because checks performed by the Avast and AVG File Shield would detect and block the attack."

That´s good to hear. Thanks bob. So they must had checked and confirmed that it is detected by the field shield.

Filipe

Offline MRTMN

  • Jr. Member
  • **
  • Posts: 22
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #3 on: May 01, 2020, 11:51:26 PM »
The researchers specifically name Avast as being vulnerable. They write of a list that includes Avast:

Quote
The lists above are the antivirus products that we directly tested and sent off individual vulnerability reports for that were confirmed by the vendors.

Report link here: https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

Yo Avast, we need more detail on this: Are they lying?
« Last Edit: May 02, 2020, 12:42:44 AM by MRTMN »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #4 on: May 01, 2020, 11:58:09 PM »
The researchers specifically name Avast as being vulnerable. They write of a list that includes Avast:

Quote
The lists above are the antivirus products that we directly tested and sent off individual vulnerability reports for that were confirmed by the vendors.

Report link here: https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

Are they lying?
Since we don't know under what terms they did their test, there is no way to know.
I'm simply passing along what Avast released and asked to pass along on the forum.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline MRTMN

  • Jr. Member
  • **
  • Posts: 22
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #5 on: May 02, 2020, 12:40:33 AM »
Quote
Since we don't know under what terms they did their test, there is no way to know.
I'm simply passing along what Avast released and asked to pass along on the forum.

Sorry Bob, that was directed at whatever Avast reps are on these forums - not you. No hostility intended. I'll edit my post to clarify.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #6 on: May 02, 2020, 12:46:37 AM »
Quote
Since we don't know under what terms they did their test, there is no way to know.
I'm simply passing along what Avast released and asked to pass along on the forum.

Sorry Bob, that was directed at whatever Avast reps are on these forums - not you. No hostility intended. I'll edit my post to clarify.
No hostility take.
My reply was a direct quote from an Avast employee.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline techsupportdept

  • Newbie
  • *
  • Posts: 2
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #7 on: May 05, 2020, 01:03:19 PM »
I got notification this morning via a Kim Komando newsletter, and this has me concerned as I've always recommended Avast Free for my non-commercial customers. I guess I'm looking for an unequivocal statement... is Avast Free safe from this exploit?

As far as how they did their test, apparently they've been trying to communicate this for months and only recently opted to go public.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #8 on: May 05, 2020, 03:01:53 PM »
I got notification this morning via a Kim Komando newsletter, and this has me concerned as I've always recommended Avast Free for my non-commercial customers. I guess I'm looking for an unequivocal statement... is Avast Free safe from this exploit?

As far as how they did their test, apparently they've been trying to communicate this for months and only recently opted to go public.
https://forum.avast.com/index.php?topic=233871.msg1545064#msg1545064
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline MRTMN

  • Jr. Member
  • **
  • Posts: 22
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #9 on: May 06, 2020, 03:17:06 PM »
I got notification this morning via a Kim Komando newsletter, and this has me concerned as I've always recommended Avast Free for my non-commercial customers. I guess I'm looking for an unequivocal statement... is Avast Free safe from this exploit?

As far as how they did their test, apparently they've been trying to communicate this for months and only recently opted to go public.

Rack911 has indicated that Avast IS vulnerable if the logged in account (in windows) is a local admin, which most users on home and SBO machines are. We're getting very mixed messages on this.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #10 on: May 06, 2020, 04:06:47 PM »
I got notification this morning via a Kim Komando newsletter, and this has me concerned as I've always recommended Avast Free for my non-commercial customers. I guess I'm looking for an unequivocal statement... is Avast Free safe from this exploit?

As far as how they did their test, apparently they've been trying to communicate this for months and only recently opted to go public.

Rack911 has indicated that Avast IS vulnerable if the logged in account (in windows) is a local admin, which most users on home and SBO machines are. We're getting very mixed messages on this.
You left out the most important part of what I posted. The reply from Avast.
https://forum.avast.com/index.php?topic=233871.msg1545064#msg1545064


Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline MRTMN

  • Jr. Member
  • **
  • Posts: 22
Re: Vulnerabilities discovered by Rack911 Labs!
« Reply #11 on: May 07, 2020, 02:55:45 PM »
I got notification this morning via a Kim Komando newsletter, and this has me concerned as I've always recommended Avast Free for my non-commercial customers. I guess I'm looking for an unequivocal statement... is Avast Free safe from this exploit?

As far as how they did their test, apparently they've been trying to communicate this for months and only recently opted to go public.

Rack911 has indicated that Avast IS vulnerable if the logged in account (in windows) is a local admin, which most users on home and SBO machines are. We're getting very mixed messages on this.
You left out the most important part of what I posted. The reply from Avast.
https://forum.avast.com/index.php?topic=233871.msg1545064#msg1545064




In my conversations with Rack911, they have explicitly said that Avast's claim is not accurate, especially if logged in on an account with local admin privileges (which most windows home and SBO users are doing).