A Forceful Rebuttal to Rootkit: Kaspersky Is Impregnable

Internet | Editor: Huang Wei 2007-10-17 00:30:00 Reprinted

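Kaspersky's official response

Some time ago Rootkit.com published an article claiming that Kaspersky has a major vulnerability, and it has now received an official response from Kaspersky!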

Faulty data processing in klif.sys driver

<Statement on the faulty data processing problem in the klif.sys driver file>

On September 12, 2007, Rootkit.com published a report regarding two vulnerabilities affecting product operation in Kaspersky Lab products for Windows (view report).

<On September 12, 2007, the Rootkit.com website published a report on two vulnerabilities that affect the operation of Kaspersky Lab's products for Windows>

This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard.

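<Although reporting to the vendor first is an undisputed consensus in the industry, this is not the first time the article's author has made the mistake of reporting a vulnerability only after the fact.>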

The article describes the following situations:

<The article broadly describes the following situations:>

The absence of data checking in klif.sys driver may result in a critical system error (BSOD) when malicious code is executed locally.

Kaspersky Lab does not regard this vulnerability as critical because this piece of code does not provide any benefits for malware writers. Exploiting this vulnerability draws attention to the presence of malware in the system, but it can neither be exploited from a remote computer nor does it enable privilege escalation for the attacker. However, the code in which the vulnerability was found is outdated – it is not needed on contemporary computer systems, therefore we are removing this code from our products.

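<Missing data validation in the klif.sys driver file may cause a critical system error (blue screen) when malicious code is executed locally. Kaspersky Lab does not consider this a critical vulnerability, because this code offers malware writers nothing to gain. Although it may draw the attention of malware to attacking this vulnerability, it cannot be attacked from a remote host, and even with elevated attacker privileges an attack cannot succeed. The code in which the vulnerability was found is a thing of the past: it is not needed on today's computer systems, so we are removing it from our products.>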

Kaspersky's message to users

The data processing error in the klif.sys driver will be corrected in an update to Kaspersky Lab products to be released in November 2007.

<The data processing error in the klif.sys driver file will be updated in the Kaspersky Lab products to be released in November 2007>

Calling the DuplicateHandle routine for the antivirus thread makes it possible to suspend the thread.

<The article claims that duplicate handling of the antivirus software's process may cause the thread to be suspended>

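Kaspersky Lab does not consider this to be a vulnerability: it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms. As a matter of fact, according to test results, Kaspersky self-defense capabilities are the most robust in the industry. While we are continually improving our self-defense capabilities, we do prioritize issues balancing between security, degree of seriousness and probability of use.

<Kaspersky Lab does not consider this a vulnerability: our code is correct, and some obscure technique attempts to circumvent our self-defense mechanisms in order to manipulate standard Windows processes. In fact, tests have demonstrated that the effectiveness of Kaspersky's self-defense capabilities is outstanding in the industry. While we work to improve the effectiveness of our self-defense, we are also optimizing the balance between product security, rigor and ease of use.>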

We would like to remind users that our robust protection works best in conjunction with best computing practices, including scanning everything that you download onto your machine and only running programs from reputable sources.

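<"We sincerely remind users: our impregnable virus protection is founded on time-tested practice, including scanning every file downloaded to your PC and only allowing programs from reliable sources to be opened.">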

The translation is for reference only; for details, see: http://www.kaspersky.com/technews?id=203038706
