A failure in ESET antivirus has jeopardized the safety of its users

The concept of computer security and antivirus is changing. For many years, antiviruses have been protecting our computers from the abundant malware and unwanted software circulating on the network, and it was crazy to connect to the network without an antivirus. However, this concept is changing and, in a short time, we have seen how antiviruses, those who have protected us for so many years, are becoming our worst threat.

ESET Endpoint Antivirus 6 tries to activate its license, the antivirus daemon, executed as root, sends a request to the ESET server

In recent months we have seen how Microsoft has significantly improved the security of Windows 10, operating system that is able to protect itself from threats such as ransomware, which even the most prestigious antivirus on the market have managed to protect. In addition, Windows Defender continues to improve and evolve to become the ultimate security suite for Microsoft users, starting to sow fear among security companies that precisely live from it.

 

It is not the first time that antivirus compromise the security of users by a series of bugs in their programming, and probably will not be the last. This time, the protagonism takes ESET Internet security, specifically the ESET Endpoint Antivirus version 6.

The failure of ESET Endpoint Antivirus 6 mainly affects the process of activating the antivirus in macOS

A security breach discovered in November 2016, but hidden for security reasons to this day, registered as CVE-2016-9892 , has been endangering users of this security solution by opening a breach in systems that Could allow remote code execution with root permissions on systems.

The bug in question was in the library used by the XML parser that did not authenticate correctly on the server. In this way, when ESET Endpoint Antivirus 6 tries to activate its license, the antivirus daemon, executed as root, sends a request to the ESET server. This daemon does not check the certificate on that server again. In this way, if an attacker intercepts the traffic and signs it with its own self-signed HTTPS certificate, the antivirus engine does not check and process what it receives, thus allowing the execution of code with the same level of privileges, ie , Root.

 

The security company has already addressed this bug in the new version 6.4.168.0 of ESET Endpoint Antivirus 6. Windows users have not been affected by this security breach. In addition, from ESET ensure that the response time from discovery to solution has been minimal, so no user has been affected by the failure.

In addition, from the security company remember the importance of keeping security software (and software in general) always updated.

It is becoming more dangerous to have an antivirus installed!

As we have been seeing for several months, the security of commercial antivirus is more than in question. Microsoft knew that this time would come sooner or later and so it has worked hard to improve its Windows Defender antivirus and turn it into a true security suite at the height of Windows, that is, at the height of an operating system that spans close Of 95% of the world market share.

From SoftEview we recommend you, if you have installed Windows 10, give Windows Defender a chance as a basic system anti-virus since, although its potential will not reach for a month, in early April with the release of Windows 10 Creators Update , We are really happy with it after several months of testing in our work devices.

Do you think that antivirus is currently a threat to the security of computers?