
Most Major Antivirus Programs Bypassed By The CIA, Shows WikiLeaks Document


Sylence


WikiLeaks recently published thousands of documents that the organization said belongs to the CIA. Among them, there was a document that showed a list of antivirus and other security products that have been exploited and bypassed by the CIA. 

The list included the following software products:

  • Comodo
  • Avast
  • F-Secure
  • Zemana Antilogger
  • Zone Alarm
  • Trend Micro
  • Symantec
  • Rising
  • Panda Security
  • Norton
  • Malwarebytes Anti-Malware
  • EMET (Enhanced Mitigation Experience Toolkit)
  • Microsoft Security Essentials
  • McAfee
  • Kaspersky
  • GDATA
  • ESET
  • ClamAV
  • Bitdefender
  • Avira
  • AVG

You probably recognize most, if not all, of the products on that list. The list includes Microsoft’s “Security Essentials” antivirus program, which was later converted into the built-in “Windows Defender” program in Windows 8 and later, as well as EMET, Microsoft’s anti-exploit security tool (mainly for enterprise users).

EMET was recently deprecated by Microsoft, which said that the mitigations EMET bolted onto older Windows versions, such as DEP and ASLR, together with newer ones such as Control Flow Guard (CFG), were already built into Windows 10.


Microsoft said that because the security features are built into the operating system, they should offer better protection than the add-on, per-application hooks EMET injected into processes. The CIA documents released by WikiLeaks that discuss these products date from 2014, before Windows 10 came out, so we don't know what new capabilities the CIA may have obtained since then, or whether the Windows 10 mitigations were also bypassed.
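For readers who relied on EMET, the practical question is whether the mitigations it used to supply are actually switched on for the applications that matter. The following PowerShell is an added example, not code from the article or from Microsoft; it uses the ProcessMitigations module that ships with Windows 10 (version 1709 and later). The image name notepad.exe and the EMET_Settings.xml path are placeholders, and the property names read from the cmdlet's output object (Dep, Aslr, Cfg, Sehop) are taken from its documented output layout.

```powershell
# Added example: audit and set the mitigations EMET used to provide, now part of Windows 10.
# Requires the built-in ProcessMitigations module (Windows 10 1709 or later).
Import-Module ProcessMitigations

function Get-MitigationSummary {
    # $Name is an image name such as 'notepad.exe'; omit it to read the system defaults.
    param([string]$Name)
    $m = if ($Name) { Get-ProcessMitigation -Name $Name } else { Get-ProcessMitigation -System }
    # Each leaf reports ON, OFF or NOTSET; NOTSET means "inherit the system default".
    [pscustomobject]@{
        Target             = if ($Name) { $Name } else { 'System default' }
        DEP                = $m.Dep.Enable
        ASLR_BottomUp      = $m.Aslr.BottomUp
        ASLR_HighEntropy   = $m.Aslr.HighEntropy
        ASLR_ForceRelocate = $m.Aslr.ForceRelocateImages
        CFG                = $m.Cfg.Enable
        SEHOP              = $m.Sehop.Enable
    }
}

# System-wide defaults first, then one application EMET would typically have wrapped.
Get-MitigationSummary | Format-List
Get-MitigationSummary -Name 'notepad.exe' | Format-List

# Enable the classic EMET set for one image (administrator shell; applies to newly started processes).
Set-ProcessMitigation -Name 'notepad.exe' -Enable DEP,BottomUp,HighEntropy,ForceRelocateImages,CFG,SEHOP

# If an EMET_Settings.xml export exists, convert it rather than re-creating rules by hand
# (placeholder paths):
# ConvertTo-ProcessMitigationPolicy -EMETFilePath .\EMET_Settings.xml -OutputFilePath .\mitigations.xml
# Set-ProcessMitigation -PolicyFilePath .\mitigations.xml
```

Reading the settings works from a normal shell; Set-ProcessMitigation and the policy import need an elevated one. A NOTSET result for an application is not "off": it means the process inherits whatever the system default is, which is why the system row is printed alongside it.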

Bypassing Antivirus Programs

The leaked documents pertaining to the list of antivirus programs that have been exploited by the CIA seem to have been redacted, likely by WikiLeaks. The organization said that it made over 70,000 redactions in total, mainly to remove harmful code (WikiLeaks has been accused in the past of “hosting malware” because the emails it released contained malware targeted at the recipients of the leaked emails), as well as personal details and IP addresses. However, it’s not clear why the organization removed the technical information about how most of the antivirus programs in the list were exploited.


COMODO

The CIA appears to give mixed praise to the anti-virus solution by Comodo, the self-described “global leader in cyber security solutions.”

One post by an apparent CIA hacker published by WikiLeaks said Comodo is “a colossal pain in the posterior. It literally catches everything until you tell it not to.”

Just don’t upgrade to Comodo 6.

That version “doesn’t catch nearly as much stuff,” the hacker appears to say, describing a particularly glaring vulnerability as a “Gaping Hole of DOOM.”

Melih Abdulhayoglu, Comodo’s chief executive, emphasized the first part of the post, saying that being called a pain by the CIA was “a badge of honor we will wear proudly.” In a statement, he said that the vulnerability described by the CIA was obsolete. Comodo 6 was released in 2013; Comodo 10 was released in January 2017.


KASPERSKY LAB

This is one of the world’s leading providers of security protection. But it may not keep you safe from the CIA.

A flaw in the code “enables us to bypass Kaspersky’s protections,” according to another post.

Founder Eugene Kaspersky dismissed the comment, saying in a Twitter message that the flaw identified in the CIA leak was fixed “years ago.”

A statement from his company said a second flaw apparently identified by the agency was fixed in December 2015.


AVIRA

A CIA hacker appears to say that this German-engineered anti-virus product is “typically easy to evade.”

The firm said in a statement that it had fixed what it described as “a minor vulnerability” within a few hours of the WikiLeaks release.

It added that it had no evidence that any of its users had been affected by the bug.


AVG

The CIA apparently had a trick to defeat AVG that was “totally sweet.”

Ondrej Vlcek, the chief technology officer for AVG’s owner, Netherlands-based Avast, said that the CIA appeared to be discussing a “theoretical bypass” of AVG’s scanning engine which would have required additional work to successfully deploy as malicious software.

“We would not consider it critical,” he said of the issue. Speaking via email, he added that it seemed the post was written “some time” ago.

“This is in fact not an issue today given the current operation of the AVG products,” he said.


F-SECURE

One CIA hacker appeared to be particularly scathing about this Finnish firm’s security software. It’s a “lower tier product that causes us minimal difficulty,” one apparent hacker said.

F-Secure noted that the company was described elsewhere, along with Avira, as an “annoying troublemaker.” It said there was a broader point to be made about the CIA’s apparent decision not to warn anti-virus companies about the flaws in their products.

The agency “considered it more important to keep everybody unsecure … and maybe use the vulnerability for its own purposes or counter terrorism purposes,” F-Secure’s chief research officer Mikko Hypponen said in a statement.


BITDEFENDER

The posts aren’t complete enough to say for sure, but Bitdefender, a Romanian anti-virus product, seemed to cause CIA hackers a lot of trouble.

One post appears to suggest that Bitdefender could be defeated by a bit of tinkering.

Or maybe not.

“Alas, we’ve just tried this,” a response to the post said. “Bitdefender is still mad.”

Bitdefender representative Marius Buterchi said the only conclusion to draw was that “we are detecting the CIA tools.”


Sources: Tomshardware, cbslocal

1 minute ago, knowledge said:

Kaspersky fixed?

 

If we're to believe Eugene Kaspersky then yes



knowledge-Spammer
1 minute ago, saeed_dc said:

 

If we're to believe Eugene Kaspersky then yes

Can't see why he'd lie about it. If he says he fixed it in 2015, now it's 2017.

Eugene is a smart man.

 



Just now, knowledge said:

Can't see why he'd lie about it. If he says he fixed it in 2015, now it's 2017.

Eugene is a smart man.

 

 

Yes. I believe him since I'm using his product to provide security.



33 minutes ago, adi said:

Webroot SecureAnywhere is secure!  :)

 

Not necessarily true.

Truth is, no one gives a xx about WSA, not to mention using it.



9 minutes ago, oliverjia said:

... Truth is, no one gives a xx about WSA, not to mention using it.

In jest:

 

No one, eh?

 

According to Nsaneforums posting guidelines:  No post shall be made without it having a truthful persona, i.e, true or not, but, it must appear to be true.   ;)

 

Again: in jest (no offense intended).  :fun:

 



knowledge-Spammer
6 hours ago, saeed_dc said:

 

Yes. I believe him since I'm using his product to provide security.

 



16 hours ago, adi said:

In jest:

 

No one, eh?

 

According to Nsaneforums posting guidelines:  No post shall be made without it having a truthful persona, i.e, true or not, but, it must appear to be true.   ;)

 

Again: in jest (no offense intended).  :fun:

 

 

did you yourself understand what you just said? lol



2 hours ago, saeed_dc said:

did you yourself understand what you just said? lol

Brother Saeed_dc, what matters is how you understand. :)

Everyone perceives the (same) world differently. 

That is the beauty of our world!  Cheers!  :fun:



I have to say, having seen process managers capable of actually closing antivirus software without getting "access denied" was shocking; I did this recently with Kaspersky KIS 2017.

So if something gains elevation and uses the proper hooks, it isn't unfathomable to me that it could be done easily; granted, closing it would be noticed by the user, but by then it would be too late.



18 hours ago, MayJoko said:

I have to say, having seen process managers capable of actually closing antivirus software without getting "access denied" was shocking; I did this recently with Kaspersky KIS 2017.

So if something gains elevation and uses the proper hooks, it isn't unfathomable to me that it could be done easily; granted, closing it would be noticed by the user, but by then it would be too late.

 

Can't close KIS 2017 while self-defense is on.

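The two posts above disagree about whether an antivirus's self-defense stops its processes from being closed, and the disagreement can be settled without killing anything. The PowerShell below is an added example (not code posted by either participant): it asks Windows for a PROCESS_TERMINATE handle to each process of a given image name and reports whether the request is granted or refused with access denied, which is the same check a task manager performs before it can terminate anything. It never calls TerminateProcess. The image name 'avp' (Kaspersky's service executable) and the Probe.Native helper type are assumptions; substitute the image name of the product being tested.

```powershell
# Added example: probe whether AV self-defence blocks a PROCESS_TERMINATE handle.
# Only the access right is requested; the script never terminates anything.
Add-Type -Namespace Probe -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

# Whether the probe itself runs elevated matters: self-defence should deny even an administrator.
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

function Test-TerminateAccess {
    param([Parameter(Mandatory)][string]$ProcessName)
    $PROCESS_TERMINATE   = 0x0001   # the single right a "kill" needs
    $ERROR_ACCESS_DENIED = 5
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $h   = [Probe.Native]::OpenProcess($PROCESS_TERMINATE, $false, $p.Id)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($h -ne [IntPtr]::Zero) {
            [void][Probe.Native]::CloseHandle($h)
            $verdict = 'GRANTED: a process at this privilege level could terminate it'
        } elseif ($err -eq $ERROR_ACCESS_DENIED) {
            $verdict = 'DENIED: self-defence (or protected-process status) blocks the handle'
        } else {
            $verdict = "FAILED: Win32 error $err"
        }
        [pscustomobject]@{
            Pid             = $p.Id
            Image           = $p.ProcessName
            ProbeElevated   = $isAdmin
            TerminateHandle = $verdict
        }
    }
}

# 'avp' is an assumption (Kaspersky's service image); replace with the product under test.
Test-TerminateAccess -ProcessName 'avp' | Format-Table -AutoSize
```

Run it twice, once from a normal shell and once elevated. A product whose self-defense is working returns DENIED in both runs; GRANTED from an elevated shell is exactly the situation the first post describes, where a process manager running as administrator can close the AV. Services registered as protected processes (the ELAM/PPL mechanism in recent Windows) refuse the handle to administrators as well, so DENIED does not by itself tell you whether the block comes from the vendor's own driver or from the OS.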

