Insecurity in security software

Andreas Marx AV-Test.org
Maik Morgenstern AV-Test.org
Mary Landesman About.com

Data security software and, in particular, AV programs are widely deployed throughout companies, organizations, and private homes. Without this protection, users are at high risk of malware infection. But what happens when the protective software becomes the vector for compromise? In the first part of 2005, several security vulnerabilities - especially buffer overflows - were discovered in a wide range of security products. Both open source software such as ClamAV and commercial tools from Symantec, F-Secure, Trend Micro, and Computer Associates have been affected. In this paper, we discuss the additional risk of infection caused by these vulnerabilities in AV and other security software, including how this risk can be reduced by the developers and by the users of the products.
