Kaspersky Lab responds to potential vulnerabilities in its version 6.0 product line
Uninformed, a network publication, recently published (http://www.uninformed.org/?v=4&a=4&t=sumry) an article with a description of various vulnerabilities associated with the way in which the klif.sys driver operates in Kaspersky Lab products. This information was later circulated by numerous Internet resources devoted to security, such as SecurityFocus (http://www.securityfocus.com/bid/18341/info), Secunia (http://secunia.com/advisories/20629/) and Information Security (http://www.security.nnov.ru/Gnews263.html?l=EN).
Some of the information included in the article, however, seems a bit unclear. For example, the article specifically mentions Kaspersky Internet Security Suite 5.0, which is not in the existing Kaspersky Lab product line.
At the same time, we do acknowledge that two of the problems described by the author are in fact present in Kaspersky Lab’s version 6.0 personal products:
These problems will be corrected within the week in Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0. Corrected files will be made available to users in the next Critical Fix, which will be automatically downloaded as part of the program module update together with antivirus database updates.
It should be noted that these two problems pose no threat to users and are difficult to reproduce. They can only be reproduced by executing a special program which sends specially formulated requests to the driver on a local computer. These problems cannot lead to the execution of malicious code and can only result in the local machine rebooting.
As for the remaining “problems”, there are only two possibilities: the code in question is either standard code used in all antivirus engines and approved by Microsoft or know-how deliberately used by developers to increase the system’s antivirus security. Alternative methods suggested by the author of the article may result in lower system security and their applicability is doubtful.
In the conclusion of the article, the author expresses concern that the technologies used will make it hard to use Kaspersky Anti-Virus on x64 processors and in multi-core environments. This is not entirely accurate: Kaspersky Lab products were ported to x64 in late 2005 (Kaspersky Anti-Virus 5.0 for Windows File Servers) and successfully work on Multi-Core / Hyper Threading processors. An example of this success is the recent VB100% certification for antivirus systems running under Windows 2003 Server x64 Edition received by Kaspersky Lab in December 2005 (http://www.virusbtn.com/vb100/archive/results?vendor=VE15).
Kaspersky Lab cares about the security of its users and will continue to improve its antivirus systems.
UPDATE: The fix was issued on 30/06/2006 via regular database update.