
toadlife
Premium
join:2004-05-03
Lemoore, CA
·AT&T Yahoo

Re: AVG updates grant full control to Everyone, changes owner?

Bad developers!

Since AVG's developers seem to lack a clue, another thing to check for is whether or not AVG's tray icon (I assume it has one) is displayed by a service with SYSTEM rights. This opens the machine up to a shatter attack.

That's getting a little tinfoil hat-ish though. I've never heard of malware that actually used shatter attacks.

redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas

Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic

Re: AVG updates grant full control to Everyone, changes owner?

That'd be avgcc.exe and it runs as the current user.

psloss, I already indicated that I was using 7.1 Free edition

I posted in the AVG forum and the best response so far was "Make sure it isn't conflicting with KAV." First of all, there was and is no KAV on the machine in the pics and on my computer. I have KAV on other machines.

If someone has a 7.0 setup file, please do send...

redxii

Re: AVG updates grant full control to Everyone, changes owner?

[Screenshot: Results for \WINDOWS]
[Screenshot: avg7core.sys]
[Screenshot: A limited account is owner of a driver.....]

I found 7.0.308, and then updated it in the limited user. Apparently AVG's drivers are affected too!

Hopefully I am not the only one that sees a problem with this...

psloss
Premium
join:2002-02-24
Alpharetta, GA

said by redxii:

psloss, I already indicated that I was using 7.1 Free edition

Sorry, went right over that in your original post. My bad.

Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days.

A more interesting test would be to try to run this on the latest Vista CTP, though I don't know if AVG is compatible or not (i.e., will even install).

Philip Sloss
--
Feedback? e-mail: stuff@lupwa.org

redxii

Re: AVG updates grant full control to Everyone, changes owner?

said by psloss:

Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days.

It's still an opportunity, and should be fixed.

psloss

Re: AVG updates grant full control to Everyone, changes owner?

said by redxii:

said by psloss:

Yeah, that's not good about the updater, although this type of escalation opportunity is still not at the top of the list in terms of taking over control of a Windows box these days.

It's still an opportunity, and should be fixed.

Absolutely agree; however, given that they already have code that appears to add an Everyone/Full Control ACE to DACLs of updated or downloaded files, I'm not sure how sensitive they're going to be to privilege escalation. Or, how expeditiously this will get fixed.

Somewhat randomly, this reminds me of a recent blog post about how terminal session separation in Vista is going to cause some consternation for NAV. For what it's worth, AVG Free installed on the February Vista CTP...but both attempts I made to open the command center caused the OS to bugcheck. Going to be an interesting year to see what happens to this category of consumer software.

Hopefully this issue will gain some traction at Grisoft and maybe the changes to Windows will increase the importance of scouring kludges like this out of their code.
--
Feedback? e-mail: stuff@lupwa.org

Libra
Premium
join:2003-08-06
USA

Hi RedXII1234,
I'm not comfortable going into safe mode to look at those permissions, but I have AVG7.1 free on my daughter's computer and one time, in a limited account, I tried to delete a WMF test item from the vault, and I wasn't able to. I also tried to change the results of a scan to accept an item "changed", and I couldn't do that either. Based on that I didn't think the limited user had rights. When I tried to make one of those changes I got this error in the Event Viewer:

Source: AVG
Category: error
Event ID # 100
AVG7.CC plugins.CPluginManager action running failed. Error 0x80004004.

Is there a way for you to get this information to Grisoft? I don't think he visits the AVG forum.

Sincerely, Libra

redxii

Re: AVG updates grant full control to Everyone, changes owner?

In a command prompt: cacls <filenameordirectory>

I am probably falling on deaf ears unless I were a paying customer... In the meantime, thinking about all those other AVG users who even if they are limited users have absolutely no idea...
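
The per-file cacls check above can be run over a whole directory tree to look for the two conditions raised in this thread: an Everyone/Full Control ACE and an owner that is not an administrative account. The PowerShell script below is an added example, not code from any poster or from Grisoft; it assumes PowerShell 3 or later, and the default path and the list of owners treated as expected are assumptions.

```powershell
# Added example: report files and folders that grant Everyone full control
# or that are owned by an account outside an expected set.
param(
    [string]$Path = $env:ProgramFiles   # assumption: set this to the directory to audit
)

# Compare SIDs rather than names so the check does not depend on the OS language.
$sidType  = [System.Security.Principal.SecurityIdentifier]
$everyone = 'S-1-1-0'
# Assumption: owners considered normal for installed software.
$expectedOwners = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$fullControl = 0x1F01FF     # FileSystemRights.FullControl
$genericAll  = 0x10000000   # GENERIC_ALL, which can appear unmapped in an ACE

Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
ForEach-Object {
    $item = $_
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { return }   # ACL not readable by the current account: skip this item

    # Explicit and inherited Allow ACEs for Everyone that amount to full control.
    $everyoneFull = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $rights = [int]$_.FileSystemRights
        $_.IdentityReference.Value -eq $everyone -and
        $_.AccessControlType -eq 'Allow' -and
        ((($rights -band $fullControl) -eq $fullControl) -or
         (($rights -band $genericAll) -ne 0))
    }

    $ownerSid = $acl.GetOwner($sidType).Value
    $oddOwner = $expectedOwners -notcontains $ownerSid

    if ($everyoneFull -or $oddOwner) {
        [pscustomobject]@{
            Path                = $item.FullName
            EveryoneFullControl = [bool]$everyoneFull
            Owner               = $acl.Owner
            UnexpectedOwner     = $oddOwner
        }
    }
}
```

Run it from an administrative session so the ACLs are readable, and compare the output before and after an update to see which files changed.
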
Libra

Re: AVG updates grant full control to Everyone, changes owner?

said by redxii:

In a command prompt: cacls <filenameordirectory>

I don't think I can do cacls on XP Home (but I haven't tried).

Should we be changing to a different AV?

Sincerely, Libra