Reporting a Vulnerability in Almost Every Single F-Secure Product
Hi developers and other friends in the Community,
Just do a simple test in any F-Secure product, with my instructions:
Press Windows+R (open Run) on the keyboard, type Services.msc, then press Enter.
OK, now we can see (find) all of the F-Secure services, which is normal; obviously they should be running.
BUT! Here is the dangerous vulnerability: just try to stop and disable all of the F-Secure related services. Easily, easily they can all be stopped and disabled, and then your F-Security is gone. You are unprotected. I'd like to put a plus here:
+ I tested this with other vendors, and all of them deny the request to disable their services.
How did I find out about this vulnerability? I have been reading PCMag reviews of F-Secure products for about 3 years,
and in every review the reviewer noted this vulnerability. No fix! So I hope that with this topic in your forum, F-Secure gets a result.
Best Regards,
Parham
Comments
Hi MrParham,
Thank you for bringing this up to us. For future bug reports, please do contact us by sending an email to security@f-secure.com with details for further investigation.
As for the issue you've raised in this post, we do not consider this a vulnerability in our products. Disabling F-Secure services (or any other services) through the Services Management Console interface requires administrator privileges. It is not possible for a limited account user to stop a service (including F-Secure services) without providing administrator credentials.
It is likely that your current user account is already an Administrator account, hence the ability to stop any services without the UAC prompt, as Windows skips the elevation if you are already in the administrator group. If an attacker has access to an administrator account on your machine, they could likely perform any other task too, not just disabling the AV.
If, however, you have a method to disable any F-Secure services without using an Administrator account through the services.msc interface, we would like to hear more from you. Please do provide us with details (steps to reproduce or a PoC if available) and send them to security@f-secure.com. You could be rewarded too if the issue you raised to us is a valid vulnerability.
Hope this reply helps clarify the situation. If you have questions, please do post them and I'll gladly answer you. Till then, have a nice day!
Regards,
Calvin Gan
F-Secure Security Vulnerability Expert
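Whether a non-administrator can stop or disable a given service, the question the reply above turns on, is decided by the service's security descriptor, which `sc sdshow <service>` prints as an SDDL string. The following is an added example, not part of the original thread and not F-Secure code: it parses such a string and reports non-privileged trustees whose allow ACEs grant stop, reconfigure or re-permission rights. The sample SDDL strings are constructed, and treating only SY and BA as privileged is an assumption.

```python
import re

# SDDL right codes that let a trustee stop, disable or re-permission a service
# (meanings per Windows "Service Security and Access Rights").
TAMPER_RIGHTS = {
    "WP": "SERVICE_STOP",
    "DC": "SERVICE_CHANGE_CONFIG (can set start type to Disabled)",
    "WD": "WRITE_DAC",
    "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL",
    "GX": "GENERIC_EXECUTE (includes stop)",
    "GW": "GENERIC_WRITE (includes change config)",
}
# The same rights when an ACE carries a hex access mask instead of letter codes.
HEX_BITS = {0x20: "WP", 0x2: "DC", 0x40000: "WD", 0x80000: "WO",
            0x10000000: "GA", 0x20000000: "GX", 0x40000000: "GW"}
# Assumption: only LocalSystem (SY) and the built-in Administrators group (BA) are expected.
PRIVILEGED = {"SY", "BA"}

def tamper_capable_trustees(sddl):
    """Map each non-privileged trustee to the tamper rights its allow ACEs grant.
    Deny ACEs and the SACL (S:) are ignored, so this may over-report, never under-report."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] != "A" or fields[5] in PRIVILEGED:
            continue
        rights = fields[2]
        if rights.lower().startswith("0x"):
            codes = {c for bit, c in HEX_BITS.items() if int(rights, 16) & bit}
        else:
            codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        hits = codes & TAMPER_RIGHTS.keys()
        if hits:
            findings[fields[5]] = sorted(hits | set(findings.get(fields[5], [])))
    return findings

# Constructed samples in the format printed by `sc sdshow <service>`.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCDCLCSWRPWPLOCRRC;;;AU)")

if __name__ == "__main__":
    for name, sddl in (("default", DEFAULT_SDDL), ("weak", WEAK_SDDL)):
        print(name, tamper_capable_trustees(sddl))
```

An empty result means only SY and BA hold tamper rights in the DACL, which matches the behaviour described in the reply; any other trustee listed is worth reviewing.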