昨天听说卡巴用安全漏洞的消息真是让人有点担心,不过今天的了解到,原来的问题(卡巴在处理.cab文件时存在不足,容易被病毒利用导致软件的问题)在9月29日卡巴就在升级过程当中就在升级数据库中添加了用来检测可能存在的通过这个缺点攻击用户的程序代码,大大降低了这个缺点可能产生的危害。而且卡巴试验室的专家正在加紧开发紧急升级程序来结束漏洞带来的影响,补丁将在10月5号晚些时候发布,通过正常的升级就可以解决这个漏洞。
卡巴用户不用担心了
英文原文如下:
There has recently been a wide-ranging discussion in the mass media about a report by Alex Wheeler, an independent researcher, that a vulnerability related to processing files of the CAB format has been discovered in Kaspersky Lab antivirus products. Taking into account the close attention of the computer community, Kaspersky Lab considers it necessary to provide official comments on the incident.
The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files. Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.
At the same time, Kaspersky Lab specialists have taken measures to eliminate the threat related to the CAB module vulnerability. First of all, on receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability (procedures that use the vulnerability to compromise a computer). This set of signatures was added to the antivirus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the CAB vulnerability exploits. Furthermore, no attempts to create and distribute such exploits have been recorded to date. In this connection, it should be noted that Alex Wheeler, who discovered the vulnerability in question, has not provided demonstration code that uses it.
All in all, based on the above factors it can be stated that the actual threat posed by the CAB vulnerability is minimal and cannot affect the level of antivirus protection provided by Kaspersky Lab products.
Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products which include the CAB module affected by the vulnerability. The revised list of such products includes: Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, Kaspersky Personal Security Suite 1.1. Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability. Updates eliminating the CAB vulnerability for all the programs listed above will be released in the second half of October 5th, 2005 and will be available for installation using standard updating procedures.
Kaspersky Lab is also a known provider of antivirus solutions for OEM and technology partners. Majority of solutions distributed by Kaspersky Lab OEM and technology partners does not incorporate the vulnerable module and thus is not affected. Furthermore the signature database update released by Kaspersky Lab on 29th of September prevents potential attacks by detecting and neutralizing the malicious code of a possible exploit before system can be affected. This countermeasure provides necessary level of protection for potentially vulnerable systems until the software update is released.
