Google Security Researcher Criticizes Trend Micro For Critical AV Defects

Google’s security researcher, Tavis Ormandy, has discovered a new set of bugs in Trend Micro’s Windows antivirus product, which pose a grave security risk to those who install Trend Micro Antivirus. This is embarrassing for Trend Micro, which leads the global market in the field of antivirus cloud computing security.


While installing Trend Micro Antivirus on Windows, Ormandy discovered that the software also installed a password manager which would subsequently launch a startup command box. This startup command dialogue box also included a “feature” that enabled arbitrary code execution. The program exposes the system to several significant security risks, especially for users who are not aware of the extent of this software’s access.


The following thread of messages summarizes Ormandy’s disappointment on this subject:


“Thanks Jean, I ran this on top of a Trend Micro Maximum Security 10 installation, and it looks like this fixes the most critical problem. Honestly, this thing still looks pretty fragile, I haven’t looked through the dozens of other APIs you’re exposing – and some just sound really bad.

I happened to notice that the /api/showSB endpoint will spawn an ancient build of Chromium (version 41) with --disable-sandbox. To add insult to injury, they append “(Secure Browser)” to the UserAgent.

This thing is ridiculous, wtf is this:


You were just hiding the global objects and invoking a browser shell…? …and then calling it “Secure Browser”?!? The fact that you also run an old version with --disable-sandbox just adds insult to injury.

I don’t even know what to say – how could you enable this thing *by default* on all your customer machines without getting an audit from a competent security consultant?

So this means, anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I’m astonished about this,” he concluded.


What is Trend Micro doing to fix this problem?


While Trend Micro is currently focused on looking into ‘future improvements,’ it has made it its primary target to fix all the problems affecting its Trend Micro Password Manager customers. The company has put a substantial amount of effort into getting its message across to customers, stating that it was unaware of the potential active attacks. According to a post on its blog, the company especially appreciates Tavis Ormandy’s feedback.


Trend Micro’s Budd also stated that the company works closely with security researchers who specialize in identifying possible vulnerabilities that may arise in the future. The company has also strongly emphasized its customer services, in case anyone wishes to report a bug.


Not the first time flaws have been detected in anti-virus software


While Ormandy’s accusations regarding the software raise numerous serious concerns, how does one truly judge the security of so-called anti-virus software? There does not seem to be a satisfactory answer to this question, for this is the second time such a glitch has occurred in anti-virus software. The first security flaw was discovered in AVG Web Tuneup software, and uncertainty with regard to reliability and safety is increasing in the market.


An issue of this kind will affect not one but several segments of the electronics market at the same time. If the same mistake is repeated, it will have the potential to compromise endless computer systems as well. These do not fall under the category of common security issues, and they pose a serious threat to the security of the user. Attention must be paid soon to fixing these loopholes before things get out of hand.
