The main Avast antivirus service contained a custom JavaScript interpreter, enabling wormable pre-auth RCEs. Avast has now disabled the emulator in response to a vulnerability report
Here's the tweet from Avast announcing they're disabling it: https://twitter.com/avast_antivirus/status/1237685343580753925 And Tavis Ormandy's response:...
Tavis theorizes that considering the public will just "pick the winner" when it comes to choosing an antivirus, scoring "even a single point" would not not make sense for Avast. But... huh?...
Tavis theorizes that considering the public will just "pick the winner" when it comes to choosing an antivirus, scoring "even a single point" would not not make sense for Avast. But... huh? Certainly not now that it's another point in their favor.
Why make it in the first place? What sort of an application could they have made out of an open JS interpreter?
I hear from informal chats there is brutal competition to win industry detection metrics, because customers will just pick the winner. Adding crazy features to score a single point wouldn't be questioned, as nobody picks the product with the smallest attack surface. 🤷🏻♂️
Ah, thanks. I think that must be talking about some sort of "antivirus comparison" where having certain features lets you rank higher, and people just take the #1 ranked antivirus without really...
Ah, thanks. I think that must be talking about some sort of "antivirus comparison" where having certain features lets you rank higher, and people just take the #1 ranked antivirus without really understanding what it means.
So maybe there's some kind of improved ranking for having "protection against javascript exploits" or something like that, where they need an interpreter to be able to detect malicious-looking javascript.
Here's the tweet from Avast announcing they're disabling it: https://twitter.com/avast_antivirus/status/1237685343580753925
And Tavis Ormandy's response: https://twitter.com/taviso/status/1237745571009409029
Tavis theorizes that considering the public will just "pick the winner" when it comes to choosing an antivirus, scoring "even a single point" would not not make sense for Avast. But... huh? Certainly not now that it's another point in their favor.
Why make it in the first place? What sort of an application could they have made out of an open JS interpreter?
I'm not sure what you're referring to, what's the "pick the winner" and "even a single point" stuff coming from?
This tweet (replicate image):
Ah, thanks. I think that must be talking about some sort of "antivirus comparison" where having certain features lets you rank higher, and people just take the #1 ranked antivirus without really understanding what it means.
So maybe there's some kind of improved ranking for having "protection against javascript exploits" or something like that, where they need an interpreter to be able to detect malicious-looking javascript.
Which... directly executes said malicious code?
It's unsandboxed, do keep in mind.