
Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In 6 Months - kmonsoor
http://www.forbes.com/sites/thomasbrewster/2017/01/25/trend-micro-security-exposed-200-flaws-hacked/#72e40ac255d6
======
empath75
We've been trying to fight a security auditor requirement to put antivirus on
all of our Amazon AMIs (including Linux). It's insane that anyone thinks that
improves security.

~~~
yunolisten
From experience, many so-called 'security auditors' tend not to have a clue
what they're talking about technically, and operate from a playbook. They do,
however, speak the same language as management: buzzword bingo, spreading
FUD, selling snake oil.

~~~
cuca_de_chumbo
This is so true. I worked for a small-time compliance software vendor where
the domain expert was an incoherent mess (with all the buzzwords thrown in),
the CEO couldn't discuss the software intelligibly, and the VP of Engineering
presented a demo video loop at a trade show booth showing themselves entering
the company AWS credentials in clearly legible form.

The place had so many dysfunctions I'd not know how to start. I work for a
much more professional outfit now with true appreciation for security and
competence.

Edit: there's a real gap in this non-glamorous compliance domain. If you
address it and need to execute SCAP (OVAL, XCCDF) content, look to a very
competent scanner vendor, jOVAL. The real challenges are in organizing and
presenting consistent info across many compliance standards, OSs, cloud
vendors, etc. ... and in scanning entities that aren't OSs per se, and analyzing
cross-domain conditions.

------
wslh
The main disadvantage security companies have is the difficulty of integrating
with the core operating system. This makes it easy for third parties (e.g.
malware) to use the same software for malicious applications. They base their
security products on a lot of system internals tricks to make them work (e.g.
API hooking, reverse engineering, drivers). Microsoft has a clear advantage in
this market because they can modify the OS "a piacere".

Disclosure: I provide this kind of solution to Trend Micro, Symantec, and
many other security vendors.

~~~
saycheese
From your HN user profile, "At Nektra we are providing solutions that require
Windows system internals and reverse engineering skills."

[http://www.nektra.com](http://www.nektra.com)

~~~
wslh
Yes, that is the reason I made the disclosure. Almost all of our work involves
intercepting, modifying, and integrating third party applications with Windows
when Windows doesn't provide APIs to do this.

~~~
wglb
So are you using undocumented Windows APIs or hooks?

~~~
wslh
It depends on the work, but for example we created APIs for applications that
don't have APIs, reversing the code to expose a nonexistent API.

You can check our open source software at
[https://github.com/nektra](https://github.com/nektra). Deviare, Deviare2, and
RemoteBridge are some of our engines.

~~~
wglb
I apologize for asking a bit of a leading question. But I am concerned that
changes to undocumented APIs in Windows could lead to blue screens upon
rollout of updates, no?

~~~
wslh
Blue screen issues are for drivers, not for user mode applications. In
general, companies try to avoid writing Windows drivers. The solutions based on
drivers are more stable and based on existing frameworks.

For example, in the case of companies like Trend Micro, they sign a yearly
support contract for supporting any OS or app update.

I can answer any "extreme" public or private (via our website contact)
question.

------
nissehulth
[http://archive.is/KsAxC](http://archive.is/KsAxC) if you can't view the
original page

~~~
lsh
Yes! _Thank you_ - all I got when I went to that link was a fuzzy image and a
great white circle.

~~~
nissehulth
There's something fishy with the adblock detection at forbes.com. I have no
adblocker at all in Chrome, but I can't get past the landing page that tells
me to disable the adblocker.

------
pragone
OT: Anyone able to copy and paste the content of the article? All I get when I
go to Forbes these days is the quote screen and nothing ever loads.

~~~
kuschku
If you don’t rely on a screenreader, here’s a screenshot:
[http://i.imgur.com/yfWL6XT.png](http://i.imgur.com/yfWL6XT.png)

Otherwise nissehulth posted this useful link:
[http://archive.is/KsAxC](http://archive.is/KsAxC)

------
douche
We got hit with the Zepto virus a while back. It's resulted in at least 10x the
inconvenience, since we have had to deal with a third party anti-virus, and
all of the inconveniences and bugs those introduced.

------
KenCochrane
It doesn't mention this in the article, but I assume they got paid by Trend
Micro for their work? Bug bounties, etc. If so, I wonder how much they made.

~~~
kakwa_
No, some of these security bugs were found by Google Project Zero and
Tavis Ormandy.

[https://news.ycombinator.com/item?id=10882563](https://news.ycombinator.com/item?id=10882563)

[https://bugs.chromium.org/p/project-zero/issues/detail?id=693&redir=1](https://bugs.chromium.org/p/project-zero/issues/detail?id=693&redir=1)

The whole thread of comments is quite scary...

