poweradam

@194.213.x.x

Re: AVG updates grant full control to Everyone, changes owner?

According to Grisoft's conference, a new program version is being prepared for release, and it also solves this problem. Hope that definitely.. :)


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

reply to redxii
It appears the 'fix' has been released by AVG.

SEE:
»www.grisoft.com/doc/28396/lng/us/tpl/tpl01

NOTE: Outlink:
»www.grisoft.com/linkout.php?doc=···19118%2F


psloss
Premium
join:2002-02-24
Alpharetta, GA

Probably going to take a little while to package for all the distribution channels...it's not showing up yet for the copy of the free version I just tried. I got one manual download of the 7.1.384 .bin file from the main site, but now there may be some contention issues doing that.
--
Feedback? e-mail: stuff@lupwa.org



dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

said by psloss:

Probably going to take a little while to package for all the distribution channels...it's not showing up yet for the copy of the free version I just tried. I got one manual download of the 7.1.384 .bin file from the main site, but now there may be some contention issues doing that.
The update has only been released for the Pro version so far.
»AVG 7.1.384 Program Update
--
Write your questions down on the back of a $20 dollar bill and send them to me
Microsoft MVP/Windows Security 2004-2006

miraclemax203

join:2006-03-08
Grand Forks, ND

I'm a AVG 7.1 Pro user. I just installed the new update this morning. Is there a way to tell if AVG fixed the permissions granted to the update files?



Luka1

join:2001-10-30
Index, WA

reply to EGeezer

Re: Coming - AV rootkits?

said by EGeezer:

This looks like a new opportunity - rootkitting AV programs. Wouldn't it be within malware technology to replace AV engine files with a rooted version of the AV engine that would ignore selected malware, open ports, make connections to bot controllers etc? Why disable AVs when they can "upgrade" them to their liking so the user could see an active AV they think is still protecting them?
Opportunity.

This has me curious indeed, because of a recent event on my computer.

Somewhere around two weeks ago, AVG was doing its regularly scheduled automatic update.

It showed to be downloading a file roughly 5830kb in size. (I can't remember the exact number.)

When that much was downloaded, it just kept right on downloading. By the time it was finished, there was more than 11000kb file size.

By the time I noticed what was happening, it was too late. It had already finished the download and started the process of updating.

All other functions of the computer locked up. I couldn't stop it. Then it rebooted without even asking me.

After the reboot...

Mailwasher and Process guard were both "new" again. None of my account info was there in mailwasher, and it wanted me to fill out that info. Process guard was in learning mode, and all of my settings/programs/etc were gone.

And... Now every time that I send out an email with Eudora, (set to offline mode, so I have to ok the single connection each time I send out an email)... I hit the ok for the connection, then the same message comes up again a second time and I have to hit ok for the connection again.

All of this started with that update to AVG...


Karel Obluk

@eurotel.cz

reply to miraclemax203

Re: AVG updates grant full control to Everyone, changes owner?

The AVG Pro has been fixed and build 384 also resets permissions of files that have their permissions incorrectly set by previous updates. As this was primarily an issue for corporate customers, we wanted to fix it as soon as possible for Professional users. The update for the Free edition will be released by the end of this week, i.e. in less than a week from when the problem was disclosed.
It is a pity that the original reporter has not contacted us using the standard e-mail addresses that should be used in such cases (secure@grisoft.cz, security@grisoft.cz etc.) before publicly disclosing this issue. Nevertheless, we did our best to release a fix as soon as possible because, as minor a problem as it was, it definitely was a security problem.


Lappen

join:2000-12-07
sweden

said by Karel Obluk :

It is a pity that the original reporter has not contacted us using the standard e-mail addresses that should be used in such cases (secure@grisoft.cz, security@grisoft.cz etc.) before publicly disclosing this issue. Neverthless, we did our best to release a fix as soon as possible because as minor a problem it was, it definitely was a security problem.
Well, in defence of RedXII1234 I have to say that I also am a user of the free version and I have been trying to contact AVG before, not about this issue but about other things, and I have never been able to actually find an e-mail address that I can reach you on as a free user of AVG, only the forums and web forms for paying customers.

As for RedXII1234 trying or not trying to report this to you, I don't have any knowledge about that.
--
I can also be found at the SWI Forums as Lappen


redxii
Premium,Mod
join:2001-02-26
Sherwood, MI

reply to Karel Obluk
secure@grisoft.cz and security@grisoft.cz? Not even a Google search shows those e-mail addresses (and no, they are not obvious e-mail addresses). I suppose I couldn't get to the page with those e-mail addresses if I had to enter a non-existent license key.

I'm wondering why no one caught it before.

'Nuff of this discussion anyhow..



Jan Janowski

join:2000-06-18
Skokie, IL

reply to redxii
Been watching this thread pretty much since inception, as I've 2 AVG Pro licenses, and 2 free ones (On seldom used W98 systems)....

It is nice to know that the problem was addressed in a timely manner... Thanks to the poster, and AVG folks...

The one thing that got my attention on AVG products, even when I used the "Free" and "Evaluation" versions, before deciding to switch from my previous AV, was the fact that I could CONTACT THE AV COMPANY..... AND THEY WOULD RESPOND!!!!! That was one of the Selling Points for me to switch to AVG Pro.

Had Norton done this during multiple failed installs on two separate upgrades from 2000 to 2003/2003 versions, I might still be with them!!

I don't know if companies know of the real Public Relations worth of email support....
If we all were code geniuses, we wouldn't need it, but when we do..... It is worth its weight in GOLD!!

Thanks to all involved in making this program better!!!
--
Looking for 1939 Indian Motocycle



darkloud

@ntl.com

reply to redxii
have any of u guys tried using Steganos??? i used it when i spotted this alert (thanx RedxII) and it went right in and pulled the lot i found that my connection had already been compromised, but steg got rid of it all and also shredded all info 4 avg on my os and also online too.
then all i did was download another copy with the new definitions whilst still using stegs email security and that was that.... i rebooted...then uninstalled steg ...rebooted again...put avg back in and its been sorted ever since...
steganos r giving a free full install at the moment of suite 7.1.6 and also u can get the full trial of the latest full antivirus package on a try out for nothin at their site... if its free....why not? its actually a very smooth prog i like it a lot, but i prefer avg 4 its simplicity but 4 this current prob u guys have or r worried about, try going to the steg site ..it wont hurt to check...and its a simple solution..ok?

go here guys
»www.steganos.com/?layout=web2005···guage=en



ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ

reply to redxii
Great work redxii, and thank you for the speedy fix AVG.

With that said,is there confirmation as to the initial problem being fixed?

I do have the paid pro version on several PCs and talked a few friends/relatives into purchasing as well. I'd hate to see this still an issue, or similar permissions issues.

I myself do not see an "obvious" email address. As for Red, I am glad he started this topic and I am glad other security sites made the public aware of this as well. I do not think you (AVG) have anything to worry about. It was brought to light and fixed, nothing more to worry about. It's people like Red that help developers with their product; keeping it quiet is a moot point imo.

Thanks again
--
Live Free or Die!



EGeezer
Summertime
Premium
join:2002-08-04
Midwest
kudos:7

reply to redxii

AVG fixes, how about AVAST and PC-Cillin?

I'm impressed that AVG resolved this so quickly - Thanks to redxii the vulnerability was discovered and resolved. I will lift my "recommendation embargo" on AVG Monday.

asdfghjklzx5 pointed out that Avast home edition has the same issue, and geierr indicated possible problems with PC-Cillin home security - have they addressed it too, or is it not an issue with them?
--
Insert catchy sig line here


asdfghjklzx5
Premium
join:2004-05-03
kudos:1

said by EGeezer:

asdfghjklzx5 pointed out that Avast home edition has the same issue, and geierr indicated possible problems with PC-Cillin home security - have they addressed it too, or is it not an issue with them?
I posted the issue along with instructions on how to fix it in the Avast forums. The Avast devs said they are aware of the issue and will be fixing it in the next update.
--
Have problems running your Windows box as a limited user?
Try this...»winsudo.toadlife.net

Libra
Premium
join:2003-08-06
USA
kudos:1

reply to redxii

Re: AVG updates grant full control to Everyone, changes owner?

I want to thank RedXX1234 for discovering this problem and DP for notifying Grisoft about it. I am using AVG free and I just received an update yesterday. The program is 7.1.385 and my Updater is version .384.

RedXX1234, I was very impressed to see your discovery published at Secunia!

Sincerely, Libra


redxii
Premium,Mod
join:2001-02-26
Sherwood, MI

reply to asdfghjklzx5

Re: AVG fixes, how about AVAST and PC-Cillin?

Hopefully they fix it better than AVG, because I don't know what putting each group/user twice in the security descriptor is supposed to accomplish; one coming from "C:\Program Files" and the other from "Parent Object". They are secure, but it's "Stop screwing around and having a field day with changing the default permissions." (and yes it does continue after the initial update)

psloss
Premium
join:2002-02-24
Alpharetta, GA

said by redxii:

Hopefully they fix it better than AVG, because I don't know what putting each group/user twice in the security descriptor is supposed to accomplish; one coming from "C:\Program Files" and the other from "Parent Object". They are secure, but it's "Stop screwing around and having a field day with changing the default permissions." (and yes it does continue after the initial update)
Aw, crap...so they still don't know what they're doing, but in a less insecure way now?
--
Feedback? e-mail: stuff@lupwa.org


redxii
Premium,Mod
join:2001-02-26
Sherwood, MI

yeah

psloss
Premium
join:2002-02-24
Alpharetta, GA


said by redxii:

yeah
What's even "curious-er" to me is that those extra ACEs in the DACL are all flagged as "inherit-only" -- even for files! The complete set of flags (in the added ACEs) is "object inherit ace (OI) + container inherit ace (CI) + "inherit-only" (IO) + "inherited" (ID) or "OICIIOID".

For example, here's the DACL I pulled off "%ProgramFiles%\Grisoft\AVG Free\avgemc.exe":
D:
(A;ID;0x1200a9;;;BU)
(A;OICIIOID;GXGR;;;BU)
(A;ID;0x1301bf;;;PU)
(A;OICIIOID;SDGXGWGR;;;PU)
(A;ID;FA;;;BA)
(A;OICIIOID;GA;;;BA)
(A;ID;FA;;;SY)
(A;OICIIOID;GA;;;SY)
(A;ID;FA;;;S-1-5-21-X-Y-Z-1003)
(A;OICIIOID;GA;;;CO)

So while the "security problem ACE" is gone, I think you're right -- these additional ACEs appear to be superfluous.

I'll hasten to add that I stumbled onto this article again (referenced elsewhere previously) and noted that we've now seen more than one of these "ways to shoot yourself in the foot" employed by products mentioned in this thread...
said by the article :
Shooting Yourself in the Foot with ACLs

There are many ways to use ACLs, and some lead to the expected result whereas others have dire consequences. In this article, we will look at the following:

1. Blanket replacement of ACLs
2. Replacing Everyone with Authenticated Users
3. Failing to understand SDDL
4. Misusing inheritance
5. Everyone:Full Control DACLs
6. Everyone:Deny DACLs
7. Null DACLs
8. Excessive SACLs
9. Lack of SACLs on sensitive files

Philip Sloss

--
Feedback? e-mail: stuff@lupwa.org
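An added example (not code from the post above or from AVG): a small Python parser for the SDDL DACL quoted above that separates the inherit-only ACEs from those that actually govern the file, and also checks a constructed DACL for the explicit Everyone:Full Control ACE the thread's title refers to.

```python
import re

# SDDL DACL quoted in the post above for avgemc.exe (copied from the post;
# the user SID was already anonymised there as S-1-5-21-X-Y-Z-1003).
AVGEMC_DACL = (
    "D:(A;ID;0x1200a9;;;BU)(A;OICIIOID;GXGR;;;BU)"
    "(A;ID;0x1301bf;;;PU)(A;OICIIOID;SDGXGWGR;;;PU)"
    "(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)"
    "(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)"
    "(A;ID;FA;;;S-1-5-21-X-Y-Z-1003)(A;OICIIOID;GA;;;CO)"
)

# Constructed example of the original problem the thread is about: an explicit
# (non-inherited) Allow ACE granting Everyone (WD) full control of a file.
BAD_DACL = "D:(A;;FA;;;WD)(A;ID;FA;;;BA)(A;ID;FA;;;SY)"

# (ace_type;flags;rights;object_guid;inherit_object_guid;sid)
ACE_RE = re.compile(r"\(([^;]*);([^;]*);([^;]*);[^;]*;[^;]*;([^)]*)\)")
FULL_CONTROL = {"FA", "GA"}  # file-all / generic-all rights tokens

def parse_dacl(sddl):
    """Split an SDDL DACL ('D:' followed by ACEs) into dicts; flags become a set of 2-letter tokens."""
    if not sddl.startswith("D:"):
        raise ValueError("expected a DACL string starting with 'D:'")
    aces = []
    for ace_type, flags, rights, sid in ACE_RE.findall(sddl[2:]):
        # SDDL ACE flags are always two-letter codes (OI, CI, IO, ID, NP, ...)
        flag_set = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        aces.append({"type": ace_type, "flags": flag_set, "rights": rights, "sid": sid})
    return aces

def inherit_only_aces(aces):
    """ACEs flagged IO never apply to the object itself; on a file (not a folder) they are dead weight."""
    return [a for a in aces if "IO" in a["flags"]]

def effective_aces(aces):
    """ACEs that actually govern access to the file (everything not inherit-only)."""
    return [a for a in aces if "IO" not in a["flags"]]

def everyone_full_control(aces):
    """Allow ACEs giving Everyone (WD) full control of the object itself: the thread's original bug."""
    return [a for a in aces if a["type"] == "A" and a["sid"] == "WD"
            and "IO" not in a["flags"] and a["rights"] in FULL_CONTROL]

if __name__ == "__main__":
    aces = parse_dacl(AVGEMC_DACL)
    print(len(inherit_only_aces(aces)), "superfluous inherit-only ACEs on avgemc.exe")
    print("Everyone:Full Control in constructed DACL:", bool(everyone_full_control(parse_dacl(BAD_DACL))))
```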



redxii
Premium,Mod
join:2001-02-26
Sherwood, MI


It keeps doing that to *all* files every time the updater is run, not just the updated ones. One might notice there is more delay when updating than before installing 385.


over 12.5 years online © 1999-2012 dslreports.com.