Antivirus "Iolo System Shield AntiVirus" exposes you to danger instead of protecting you

"Iolo System Shield AntiVirus and AntiSpyware" is an antivirus with a very long name and not much popularity. We venture to say that its developer, known for quite decent Windows optimization programs, should stick to what it does best. In terms of security it does not have much to say or show (although it uses Cyren technology), so user protection should be left to reputable vendors, with whom it cannot compete in any way. If you (or your friends) have Iolo's protection program installed, do not hesitate to use the Control Panel to remove this dubious "antivirus program".

According to the CVSS (Common Vulnerability Scoring System) international standard for rating risk, severity and threat priority, the vulnerability in "Iolo System Shield AntiVirus and AntiSpyware" scores as much as 8.4 out of 10 (a dozen or so hours ago a Cisco device vulnerability was rated 10/10), which puts the threat at the "high" level (but not yet critical).


Unfortunately, sometimes the program that is supposed to protect the user has security holes of its own. This does not surprise us (and should not surprise you). Usually, vulnerabilities in antivirus code come down to the attacker sending a file that the user then runs (sometimes nothing has to be run at all), so that through an unlucky set of circumstances the malicious code starts automatically during scanning.

Antivirus "Iolo System Shield AntiVirus and AntiSpyware" with a serious vulnerability

Iolo System Shield AntiVirus and AntiSpyware is no different. The vulnerability identified as CVE-2018-5701 allows an attacker to gain elevated privileges through a flaw in the "amp.sys" file. By sending a specially crafted request, the attacker can use the vulnerability to gain elevated privileges and execute malicious code.

The vulnerability affects version 5.0.0.136 of the antivirus; specifically, the vulnerable "amp.sys" driver is marked with version number 5.4.11.1. Unfortunately for the vendor and for users of Iolo programs, not only the antivirus is vulnerable but also the System Mechanic Pro software up to version 17.5.0.116, which was very popular only a few years ago. These days, all such system "optimizers" have lost their importance.

The author of the discovery did not receive a response from the vendor (although System Mechanic Pro has been patched), so he published a ready-made exploit, which attackers can import into Metasploit to automate the attack and gain remote access to the user's system. Parvez Anwar tested his discovery on Windows 7 and Windows 10; exploiting the vulnerability produced a new user, "user2", with administrator privileges.
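For defenders, the outcome described above (a freshly created local account landing in the Administrators group) shows up in the Windows Security log as event 4720 followed by event 4732 when account-management auditing is enabled. The sketch below is an added example, not code from the article or from the researcher; the dictionary layout of the exported events, the five-minute window and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of the local Administrators group
WINDOW = timedelta(minutes=5)         # assumed correlation window, tune to your environment

# Constructed sample records (not real logs), shaped like Security-log events
# exported to dicts: 4720 = user account created, 4732 = member added to a local group.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2018-01-20T10:15:02", "TargetUserName": "user2",
     "TargetSid": "S-1-5-21-1111-2222-3333-1005", "SubjectUserSid": "S-1-5-18"},
    {"EventID": 4732, "TimeCreated": "2018-01-20T10:15:03", "TargetSid": ADMINISTRATORS_SID,
     "MemberSid": "S-1-5-21-1111-2222-3333-1005", "SubjectUserSid": "S-1-5-18"},
    {"EventID": 4720, "TimeCreated": "2018-01-20T11:00:00", "TargetUserName": "intern",
     "TargetSid": "S-1-5-21-1111-2222-3333-1006", "SubjectUserSid": "S-1-5-21-1111-2222-3333-500"},
    {"EventID": 4732, "TimeCreated": "2018-01-20T12:30:00", "TargetSid": ADMINISTRATORS_SID,
     "MemberSid": "S-1-5-21-1111-2222-3333-1001", "SubjectUserSid": "S-1-5-21-1111-2222-3333-500"},
]

def find_new_local_admins(events, window=WINDOW):
    """Return alerts for accounts created and then added to Administrators within `window`."""
    created = {}   # account SID -> (creation time, account name, creator SID)
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:
            created[ev["TargetSid"]] = (ts, ev["TargetUserName"], ev["SubjectUserSid"])
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            hit = created.get(ev["MemberSid"])
            # Alert only when the promoted account was itself created moments earlier.
            if hit and ts - hit[0] <= window:
                alerts.append({"account": hit[1], "sid": ev["MemberSid"],
                               "created_by": hit[2], "added_by": ev["SubjectUserSid"],
                               "seconds_after_creation": (ts - hit[0]).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_new_local_admins(SAMPLE_EVENTS):
        print(alert)
```

An account that is created but never promoted, or an existing account promoted later by an administrator, produces no alert; only the create-then-promote pair inside the window does.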


Well... Users are advised to update their Iolo software and to think really seriously about a better alternative. Currently, every vendor offers a free trial period, so you can try one of the reputable programs to protect your Windows system without worrying about the cost.




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.