Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2024-10-01 01:35:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

FIxed Research link

Browse Source
This commit is contained in:
Tommy 2022-07-27 09:46:05 -04:00 committed by tommytran732
parent cafb20949e
commit dace4ba89c
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
2 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/knowledge/Badness Enumeration.md
View File

@ -23,7 +23,7 @@ Overall, adblockers weaken your security for dubios privacy benefits. You are be
## Antiviruses
Antiviruses are highly privileged processes with access to virtually all of your files and data, parsing through them trying to find something that matches a known bad signature. Beyond the fact that you need to trust the Antivirus company and that the signature list will never have all of the malware in existence, a vulnerable parser could lead to a system compromise. The [Abusing File Processing in Malware Detectors for Fun and Profit](/researches/Suman-Jana-and-Vitaly-Shmatikov.pdf) research paper by Suman Jana and Vitaly Shmatikov discusses this in detail.
Antiviruses are highly privileged processes with access to virtually all of your files and data, parsing through them trying to find something that matches a known bad signature. Beyond the fact that you need to trust the Antivirus company and that the signature list will never have all of the malware in existence, a vulnerable parser could lead to a system compromise. The [Abusing File Processing in Malware Detectors for Fun and Profit](/researches/Abusing-File-Processing-in-Malware-Detectors-for-Fun-and-Profit.pdf) research paper by Suman Jana and Vitaly Shmatikov discusses this in detail.
The proper way to deal with untrusted applications is not to scan them with an Antivirus, but to confine them in such a way that even if they were maicious, they cannot do much damage at all. This has already been achieved on secure mobile operating systems like Android and iOS. Typically, attacks against these systems require an operating system level exploit chain, or for the user to actually mess up and grant an app access to sensitive data. On desktop operating systems, you should utilize virtualization to contain untrusted applications in their own virtual machine. This can be done with a system like Qubes OS, the [Windows Sandbox](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview), or just general KVM / HyperV Virtual Machines.

0
static/researches/Abusing File Processing in Malware Detectors for Fun and Profit.pdf → static/researches/Abusing-File-Processing-in-Malware-Detectors-for-Fun-and-Profit.pdf
View File