New Tool Protects You From Antivirus Gone Wild
German security firm releases product to plug little-known but dangerous holes in AV and email security
German security firm n.runs AG has released a security tool that protects antivirus tools from being abused by malware. N.runs built the product after discovering flaws in the parser engines of antivirus and host-based IDS/IPS scanners that could cause these server-based tools to turn on their users. (See Researchers: Bugs Can Turn Security Tools Against Their Users and Antivirus, IDS/IPS Tools Can Be Used for Attacks.)
The new Application Protection System Anti-Virus (aps-AV) system sits in front of the email and AV servers. "Aps-AV has been developed and conceived for the special security requirements of large enterprises and government-related contractors or organizations. [But it's also for] anybody that needs a high level of security and protection from zero-day threats," says Thierry Zoller, security engineer for n.runs.
Zoller and Sergio Alvarez, head of research at n.runs, last year discovered hundreds of cases of two types of parser engine bugs in security scanners -- one that let attackers sneak malware past these security tools, and a code execution bug that can read and send email from a victim's email server to open a backdoor into the network. The vulnerabilities also left the door open for denial-of-service attacks, and for AV tools to help execute malicious code.
The problem with these little-known parser flaws is that they make a layered, defense-in-depth strategy backfire on an organization, Zoller says. N.runs's aps-AV is aimed at plugging those holes in the email and AV infrastructure, he says, and uses an organization's existing AV tools. But aps-AV takes potentially malicious data offline to a secure environment for inspection or analysis. That stops parsing attacks from occurring, according to n.runs.
N.runs or one of its partners provides a custom installation of aps-AV, which is priced on an individual basis, according to the firm.
Kelly Jackson Higgins, Senior Editor, Dark Reading
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...