Kaspersky fixes IPv6 problem in Internet Security Suite
Security researcher Marc Heuse discovered that the firewall in Kaspersky Internet Security 2013 has a problem with certain IPv6 packets. The researcher said that he publicly disclosed the details of the problem because Kaspersky didn't respond when he reported it. Shortly after his disclosure, Kaspersky did release a fix.
A single packet is all that's required to completely cripple a Windows PC. When running tests with his IPv6 tool suite, Heuse discovered that KIS (Kaspersky Internet Security) mishandles fragmented IPv6 packets that carry an overly long extension header. IPv6 support has been enabled by default since Windows Vista, so users would be vulnerable even without one of the still sparsely used IPv6 internet connections – a device on the same local network, for example on public Wi-Fi, is enough.
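The defensive lesson from this class of bug is that a packet filter must bounds-check every IPv6 extension header against the captured packet before trusting the header's own length field, and that a policy (e.g. "flag fragments with an unusually large extension-header chain") belongs in the parser rather than in whatever code later consumes the chain. The following parser is an added illustration written for this article; it is not Kaspersky's code, not Heuse's tool suite, and it does not reproduce the specific packet he found. The 256-byte threshold and the test packets (built from PadN/Pad1 padding) are constructed assumptions for the example.

```python
import struct

# IANA "Next Header" values for the extension headers this walker understands.
HOPOPT, ROUTING, FRAGMENT, DEST_OPTS, NO_NEXT_HEADER = 0, 43, 44, 60, 59
EXTENSION_HEADERS = {HOPOPT, ROUTING, FRAGMENT, DEST_OPTS}
UDP = 17

# Policy threshold: an assumption for this example, not a value from the article.
# Fragments whose extension-header chain exceeds this many bytes are flagged.
MAX_EXT_HEADER_BYTES = 256


def walk_extension_headers(packet: bytes):
    """Walk the extension-header chain of a raw IPv6 packet.

    Returns (chain, fragmented, upper_layer): chain is a list of
    (header_type, length_in_bytes) in wire order. Every length is checked
    against the real packet size before it is used to advance.
    """
    if len(packet) < 40:
        raise ValueError("truncated fixed IPv6 header")
    if packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len = struct.unpack("!H", packet[4:6])[0]
    if 40 + payload_len > len(packet):
        raise ValueError("Payload Length exceeds captured bytes")
    next_header = packet[6]
    offset = 40
    chain = []
    fragmented = False
    while next_header in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT:
            length = 8          # Fragment header is fixed-size, no Hdr Ext Len
            fragmented = True
        else:
            # Hdr Ext Len counts 8-octet units *beyond* the first 8 octets
            length = (packet[offset + 1] + 1) * 8
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append((next_header, length))
        next_header = packet[offset]
        offset += length
    return chain, fragmented, next_header


def inspect_packet(packet: bytes) -> dict:
    """Summarise the header chain and apply the oversize-fragment policy."""
    chain, fragmented, upper = walk_extension_headers(packet)
    ext_bytes = sum(length for _, length in chain)
    return {
        "chain": chain,
        "fragmented": fragmented,
        "upper_layer": upper,
        "ext_header_bytes": ext_bytes,
        "flagged": fragmented and ext_bytes > MAX_EXT_HEADER_BYTES,
    }


# --- constructed test fixtures (synthetic, not captured traffic) -----------

def _dest_options(next_header: int, total_len: int) -> bytes:
    """Destination Options header of total_len bytes (multiple of 8),
    with the options area filled by Pad1 options (single zero octets)."""
    assert total_len % 8 == 0 and 8 <= total_len <= 2048
    return bytes([next_header, total_len // 8 - 1]) + b"\x00" * (total_len - 2)


def _fragment(next_header: int, offset: int = 0, more: bool = True, ident: int = 0x1234) -> bytes:
    # Next Header, Reserved, FragmentOffset(13)|Res(2)|M(1), Identification
    return struct.pack("!BBHI", next_header, 0, (offset << 3) | int(more), ident)


def _ipv6(first_next_header: int, body: bytes) -> bytes:
    # Version 6, TC/flow 0, Payload Length, Next Header, Hop Limit 64, src/dst ::
    return struct.pack("!IHBB", 6 << 28, len(body), first_next_header, 64) + b"\x00" * 32 + body


BENIGN = _ipv6(DEST_OPTS, _dest_options(FRAGMENT, 8) + _fragment(UDP) + b"\x00" * 16)
OVERSIZE = _ipv6(DEST_OPTS, _dest_options(FRAGMENT, 512) + _fragment(UDP) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("oversize", OVERSIZE)):
        print(name, inspect_packet(pkt))
```

The walker raises rather than reading past the buffer when a length field disagrees with the packet, which is the check a kernel-mode filter driver must make before it trusts any header it did not generate itself; the policy decision is then a separate, cheap comparison on the total chain length.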
Kaspersky has now confirmed the problem for Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Endpoint Security 10 for Windows. "A non-public patch [for Kaspersky Internet Security 2013] is already available from our support department on request, and an autopatch that will fix the problem automatically will be released in the near future", Kaspersky told The H's associates at heise Security in an email. In the other products, the company plans to fix the bug within its normal update cycle.
This problem further confirms The H and heise Security's reservations concerning internet security suites with integrated firewalls, which frequently cause problems. For example, we keep finding in our tests that simulated attacks allow components such as the DNS server or the update server to be placed on the blacklist of blocked IP addresses, which can dramatically restrict a user's internet access or defence features. The Windows firewall, on the other hand, reliably does what it is supposed to do – so there isn't really any need to use a third-party firewall.
The only argument for a personal firewall that is integrated into the security suite would be if it were part of a behaviour monitoring component. For example, Costin Raiu – one of the researchers who discovered the MiniDuke spyware trojan – told heise Security at CeBIT that the spyware was picked up by the KIS behaviour detection. However, the AV expert said that Kaspersky Anti-Virus doesn't include the component that was crucial for detecting the malware. Of course, MiniDuke isn't a truly representative malware sample. When testing internet security suites, heise Security has so far been unable to find any significant defence improvements.