Petronella Blog Archive


Insecure Software: Blue Screen of Death Possible Just by Receiving an Email


How safe is your anti-virus program?  If you use Symantec or Norton-branded programs, you are probably not as secure as they would like you to think.

Google Project Zero has one job: to unearth security flaws, including in the very same anti-virus software that has sworn to serve and protect computers from just such flaws. And researcher Tavis Ormandy is very good at his job. He has found over 45 vulnerabilities in software from security companies such as AVG and Comodo, and in Linux. That said, what he found at Symantec was, in his own words, “… about as bad as it could possibly get,” because (as he put it on his Twitter account), “Just receiving an email is enough, no need to open or read it (even webmail, so long as the tab is open). URL also works.”

Attackers tend to target anti-virus programs because of the depth of access those programs need in order to do their job. Symantec’s access is especially dangerous on Windows because its scanning engine is loaded into the kernel, the core of the operating system, where it runs with the highest privileges the machine has. The bug Ormandy found is in that scanning engine: a malformed file fed to it corrupts kernel memory, and the kernel cannot survive having its memory corrupted. What does that mean for the user? Four dreaded little words: Blue Screen of Death. The crash is the mild outcome of this class of bug; in general, memory corruption inside the kernel is something attackers try to steer toward running their own code rather than merely crashing the machine.
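To show the class of bug behind a crash like this in working code, here is an added example that is not Symantec’s code, not Ormandy’s, and not from the original post. It models a constructed toy “packed sample” format whose header declares how many payload bytes follow, a simulated slice of kernel memory in which the scanner’s unpack buffer sits next to an unrelated structure, and two scanners: one that trusts the declared length, and one that checks it against both the buffer and the bytes actually present. The format, the sizes, the function names (`scan_unchecked`, `scan_checked` and the rest) and the “neighbour” structure are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration only: not Symantec's engine, not a real format.
 * A sample starts with a 4-byte little-endian field declaring how many
 * payload bytes follow.  The scanner copies that payload into a fixed-size
 * unpack buffer that, in our simulated kernel memory, has a neighbour. */
#define HDR_LEN          4
#define UNPACK_BUF_SIZE 64                /* capacity of the unpack buffer     */
#define REGION_SIZE    128                /* simulated slice of kernel memory  */
#define NEIGHBOUR_OFF   UNPACK_BUF_SIZE   /* unrelated structure lives here    */
#define NEIGHBOUR_MAGIC 0xC0DEC0DEu       /* its value while still uncorrupted */

/* Lay out the simulated region: empty unpack buffer, intact neighbour. */
void init_region(uint8_t *region)
{
    memset(region, 0, REGION_SIZE);
    uint32_t magic = NEIGHBOUR_MAGIC;
    memcpy(region + NEIGHBOUR_OFF, &magic, sizeof magic);
}

/* 1 if the structure next to the unpack buffer is still untouched. */
int neighbour_intact(const uint8_t *region)
{
    uint32_t magic;
    memcpy(&magic, region + NEIGHBOUR_OFF, sizeof magic);
    return magic == NEIGHBOUR_MAGIC;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Build a constructed sample: header declaring `declared` bytes, then that
 * many `fill` bytes.  Returns total size, or 0 if `out` is too small. */
size_t build_sample(uint8_t *out, size_t cap, uint32_t declared, uint8_t fill)
{
    if (cap < HDR_LEN + (size_t)declared) return 0;
    out[0] = (uint8_t)declared;         out[1] = (uint8_t)(declared >> 8);
    out[2] = (uint8_t)(declared >> 16); out[3] = (uint8_t)(declared >> 24);
    memset(out + HDR_LEN, fill, declared);
    return HDR_LEN + declared;
}

/* Vulnerable scanner: trusts the declared length.  It never compares it with
 * the 64-byte buffer it copies into, nor with the bytes the file really holds.
 * The REGION_SIZE fence exists only to keep this demonstration inside the
 * simulated region; a real kernel offers no such fence. */
int scan_unchecked(uint8_t *region, const uint8_t *file, size_t file_len)
{
    if (file_len < HDR_LEN) return -1;
    uint32_t declared = read_le32(file);
    if (declared > REGION_SIZE) return -1;   /* simulation fence only        */
    memcpy(region, file + HDR_LEN, declared); /* BUG: >64 bytes hit the neighbour */
    return 0;
}

/* Hardened scanner: the declared length must fit the buffer AND be backed by
 * bytes actually present.  Returns 0 on success or a code naming the check
 * that rejected the input. */
int scan_checked(uint8_t *region, const uint8_t *file, size_t file_len)
{
    if (file_len < HDR_LEN) return -1;              /* truncated header      */
    uint32_t declared = read_le32(file);
    if (declared > UNPACK_BUF_SIZE) return -2;      /* would overflow buffer */
    if (declared > file_len - HDR_LEN) return -3;   /* claims absent bytes   */
    memcpy(region, file + HDR_LEN, declared);
    return 0;
}

/* Oversized sample (68 payload bytes) through the unchecked scanner.
 * Returns 1 if the neighbour was corrupted: the kernel-crash scenario. */
int unchecked_corrupts_neighbour(void)
{
    uint8_t region[REGION_SIZE], sample[REGION_SIZE + HDR_LEN];
    init_region(region);
    size_t n = build_sample(sample, sizeof sample, UNPACK_BUF_SIZE + 4, 0x41);
    scan_unchecked(region, sample, n);
    return !neighbour_intact(region);
}

/* Same oversized sample through the hardened scanner: expect -2 and an
 * untouched neighbour (returns -99 if the neighbour was somehow damaged). */
int checked_rejects_oversized(void)
{
    uint8_t region[REGION_SIZE], sample[REGION_SIZE + HDR_LEN];
    init_region(region);
    size_t n = build_sample(sample, sizeof sample, UNPACK_BUF_SIZE + 4, 0x41);
    int rc = scan_checked(region, sample, n);
    return neighbour_intact(region) ? rc : -99;
}

/* A sample that lies about its size: declares 32 bytes, we hand over 8. */
int checked_rejects_truncated(void)
{
    uint8_t region[REGION_SIZE], sample[64];
    init_region(region);
    build_sample(sample, sizeof sample, 32, 0x42);
    return scan_checked(region, sample, HDR_LEN + 8);
}

/* A well-formed 32-byte sample is still scanned normally. */
int checked_accepts_benign(void)
{
    uint8_t region[REGION_SIZE], sample[64];
    init_region(region);
    size_t n = build_sample(sample, sizeof sample, 32, 0x42);
    return scan_checked(region, sample, n);
}

int main(void)
{
    printf("unchecked scanner corrupted neighbour: %d\n", unchecked_corrupts_neighbour());
    printf("checked scanner, oversized sample:     %d\n", checked_rejects_oversized());
    printf("checked scanner, truncated sample:     %d\n", checked_rejects_truncated());
    printf("checked scanner, benign sample:        %d\n", checked_accepts_benign());
    return 0;
}
```

The point of the two checks in `scan_checked` is that a parser running in the kernel must treat every length field in a file as attacker-controlled: it has to be compared against the destination buffer (otherwise an oversized claim overwrites the neighbour, as `scan_unchecked` shows) and against the bytes really present (otherwise an undersized file makes the scanner read past its end).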

What is even more concerning is that, depending on the platform being used, no action by the user is required at all: the anti-virus engine scans incoming email automatically, so the message only has to arrive and be scanned. It does not even have to be opened.

Fortunately, Symantec acted quickly. As of Monday, May 16, 2016, it has issued a fix for this flaw in its most recent update, and it is working on correcting other potential flaws. If you run a Symantec or Norton product, confirm that it has actually pulled that update rather than assuming it has.

A phone call from Mr. Ormandy must strike fear into the hearts of anti-virus companies.  But better a call from Mr. Ormandy than calls from angry mobs of customers with permanent blue screens of death.