Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Modifies Open-Source Code, Blows Hole in Windows Defender

posted by chromas on Monday April 09 2018, @06:12PM   Printer-friendly
from the (unsigned⠀int) dept.

mrpg writes:

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Modifies Open-Source Code, Blows Hole in Windows Defender | Log In/Create an Account | Top | 85 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by FatPhil on Monday April 09 2018, @11:05PM (2 children)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday April 09 2018, @11:05PM (#664734) Homepage
    It's not "Open Source", even if it is "open source". Having said that, "Open Source" is a bit messed up, and unrar's a bit messed up and it's possible that the messes overlap. Unrar may have restrictions on usage, but the problem is that it doesn't have enough restrictions on modifications. If it obliged you to keep the source open, and distribute it with any modifications, then this bug could have fallen to the many eyes solution years back. But no, it's closed source now - all we've got is a crappy disassemly to work with.

    This is what RMS keeps saying - the more-free licenses are worse, as they permit others to take desirable rights away.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Tuesday April 10 2018, @02:17PM (1 child)

    by Anonymous Coward on Tuesday April 10 2018, @02:17PM (#664946)

    Nobody who cares about free software gives two shits about Unrar's license being "too permissive".

    Unrar is proprietary and Windows Defender is proprietary and both are bad.

    TFA (quoting Google's Tavis Ormandy) calls unrar "open source" which is simply wrong.

    • (Score: 2) by FatPhil on Wednesday April 11 2018, @07:15PM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Wednesday April 11 2018, @07:15PM (#665484) Homepage
      > Nobody who cares about free software gives two shits about Unrar's license being "too permissive".

      RedHat do (URL posted elsewhere by elsewho).
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves