Security Software From AVG, Symantec and McAfee Open To Hackers

[HardOCP News]

According to researchers, flawed uses of code hooking has introduced vulnerabilities that hackers can exploit in as many as fifteen products including those from big names like Symantec, McAfee and AVG.

Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use ‘hooking’ to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn’t otherwise or whose exploitation would have been difficult.

 

[the-one1]

Doesn't everything have a security hole anyways? What's one more.

 

[cyclone3d]

If it can be programmed, it can be hacked.

 

[Darunion]

Hmm and it being massively publicized both causes these companies to get pressure to fix it and also now makes more people with bad intents aware of this.

 

[DukenukemX]

What's an anti-virus? Is that a Windows thing?

 

[steakman1971]

I have a wife and 2 kids that are not safe computer users. I picked Symantec's software - just great to read news like this. I've also restricted their access on the systems they use.
Any suggestions to help control our users?