So microsoft created a technology that stopped people from patching their kernel in that way. it was also one of the main causes of system instability on windows because the people that wrote the wrapper functions did not understand nearly as much about the operating system as they thought, and introduced at best crashes and at worst outright vulnerabilities. this was done so often that linux implemented loadable security modules (LSM) and then SELinux on top of that, while other systems (grsec, rbac) exist as patches. The "normal" way this was done was to have your kernel driver replace system call implementations with wrappers that check an alternate security policy. if you try and make an anti-virus or HIPS system based around ptrace you're going to have a very bad day (it's slow, attackers can detect it) I suspect that browser vendors are hesitant because an API created for that purpose would likely also get hijacked and used by malware and adware. What ought to happen here, is that Avast (and other AV vendors) should be coordinating with Chrome (and other browser makers) to provide an API for antivirus software to get access and scan, in a way that doesn't interfere with the normal SSL authentication machinery. In particular, this article reports that Avast will accept revoked SSL certificates, which is a problem. Web browsers put a lot of work into distinguishing good and bad SSL certificates, and Avast's MitM interferes with this working correctly. The problem is, making a secure SSL endpoint is really hard if you aren't very very careful in how you distinguish good from bad SSL certificates, then users are vulnerable to having their connections tampered with by things like untrusted Wifi routers.
This actually makes sense if it wants to scan for malware in web pages and file downloads coming from https sites, it has to either do this or mess with the internals of web browsers, and MitM is easier and less likely to cause technical problems. This reports that Avast, an antivirus program, inserts itself as a man-in-the-middle on all SSL connections on computers it's installed on.
0 kommentar(er)
