Is AdAware safe?
hackattack142
an interesting article

QUOTE
[Abstract]
Ad-Aware is a poorly written anti-spyware program from Lavasoft. Running
it gives you a false sense of safeness. Numerous attacks can be done
against this software. I'll show some of the problems and attacks in this
write-up. Here's just a summary of the most visible problems I've run into.

1. Definition file
1.1. "Encrypted" with xor
1.2. Packed with ZIP with simple password
1.3. No checksum in the def file
(1.1-1.3: trivial to intercept def updates and change the defs to make the malware invisible)
1.4. Big redundancy in the def file
1.5. !!! Multiplying the number of entries in the def file with constant 1.46 to make it look like it has more definitions !!!

2. Program
2.1. Poorly written checksum algo
2.2. Poorly written scanning algo (slow as hell)
2.3. CSI works only for in-memory images and is useless

You want the proofs? Read the following text ...


http://rootkit.com/newsread.php?newsid=471
firstaid
Whose side are these guys at rootkit.com on? After reading that, I would have to say, it is not safe for more peeps now.

rootkit.com gets an F for tact on this one.
Don't get me wrong, I have had a few F's myself when dealing with internet security, but I think the way this was done needs to be looked at and used as an example of how not to do reports on apps like this that people are using. I have seen the ineffectiveness on many applications when root kits and trojans are involved. The goal should be to try to help improve known exploits in any app not just to trash them to try to make one look better than another. When it comes to something new, nobody is perfect and can remove them or block them until it is found or reported.

I would like to know....

Did they offer this to the makers of Adaware in some way to help them?

This whole thing just stinks, there are obviously good and bad apps out there but I don't like the way they attack adaware on this. Or perhaps they have a free app that will do better? It's like the script kiddies who hack your site to tell you that you need to update your software when you have no money to do it, and you have known about the problem for ages.

It's like a divide and conquer strategy. We need a more helpful strategy in the community on fighting these serious infections. I ask them to consider this more in the future before posting an article like that. At least give the makers some notice and some time to correct the problems. If they do not, then it's open season on them.

firstaid
ACSCrusher
QUOTE (firstaid @ Apr 19 2006, 11:06 PM)
Or perhaps they have a free app that will do better? It's like the script kiddies who hack your site to tell you that you need to update your software when you have no money to do it, and you have known about the problem for ages.

I agree with you Firstaid.

And knowing the corporate world as I do, your hands can be tied...

Nah. It's not worth saying that, don't say it. OH ok - YOU DO BETTER...!
CelticFerret
No, I don't think it is. Maybe it never was. Horrible shame.

Apparently, the code for "AAWV.dll" was equally trivial to compromise:
Defeating Ad-Aware Authenticity Check
Posted by roy_batty (Normal user) [ip info hidden] - Apr 23 2006, 09:41 (UTC+0)
hxxp://rootkit.com/board.php?thread=6419&did=edge471&disp=6419
Also...
Lavasoft Ad-aware Authenticity Check, Question or comment regarding posted update Link to CoU
QUOTE
However, the big issue here is far more basic. rootkit.com is making some VERY serious accusations here and Lavasoft is not denying them. This looks extremely bad for Lavasoft. The redundancy and "Multiplying the number of entries in the def file with constant 1.46 to make it look like it has more definitions !!!" is not a good thing in my book.

I think you need a hacker/cracker to "watch the watchers," in some cases. The more I look at this the worse Ad-Aware looks. I'm considering disabling it on all systems...

And I have disabled it on all systems.
--CF