[pchelpers] Article:Is security software becoming a security risk?

November 24, 2007
Is the software we're using to protect ourselves from online attacks
becoming a liability?

By Robert McMillan
That's what Thierry Zoller believes. For the past two years, the
security engineer for n.runs AG has taken a close look at the way
antivirus software inspects email traffic, and he thinks companies that
try to improve security by checking data with more than one antivirus
engine may actually be making things worse.


Why? Because bugs in the "parser" software used to examine different
file formats can easily be exploited by attackers, so increasing your
use of antivirus software increases the chances that you could be
successfully attacked.

Antivirus software must open and inspect data in hundreds, if not
thousands, of file formats. One bug in the software that does this can
lead to a serious security breach.

Zoller and his colleague Sergio Alvarez have been looking into this
issue for the past two years and they've found more than 80 parser bugs
in antivirus software, most of which have not yet been patched.

The flaws they've found affect every major antivirus vendor, and many of
them could allow attackers to run unauthorized code on a victim's
system, Zoller said.

More here:
http://www.computerworlduk.com/technology/security-products/prevention/in-depth/index.cfm?RSS&articleid=961

-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: