
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Antivirus Vendors and Filtering Vulnerabilities

The Finland-based antivirus and security software vendor F-Secure recently released a set of updates for almost its entire product line, with the most serious vulnerability allowing an attacker to take control of a vulnerable system. While the denial of service and privilege escalation vulnerabilities that were also fixed with the update are serious, it is the arbitrary code execution vulnerability associated with a scanning library that is the most interesting.

Over the last few years, a high percentage of the serious vulnerabilities affecting antivirus software have stemmed from weaknesses in the libraries used to scan various file types. This means that the antivirus product is becoming a target in its own right, and it is worthwhile for attackers to target these known issues when distributing their malware. After all, why attack a system that may be protected when you can target the protection itself?

In many cases, the vulnerabilities affect software libraries used to peer inside files that may be compressed or archived with various compression software. Because the antivirus software can't see inside a compressed archive, it needs to extract the archive to see whether the files within it are affected. It is at this step that antivirus software is most at risk.
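The following Python example is added here to illustrate that extraction step from the defender's side; it is not F-Secure's code or part of the original article. It unpacks a ZIP the way a scanner must, but treats every header field as untrusted, and it goes beyond the article by showing one mitigation (limits on size, compression ratio and nesting), which bounds resource use and does not by itself fix memory-corruption bugs in a parser. The function names and limit values are assumptions chosen for the example.

```python
import io
import zipfile

# Illustrative limits (assumptions, not taken from any vendor's product).
MAX_MEMBERS, MAX_MEMBER_BYTES, MAX_RATIO, MAX_DEPTH = 1000, 1 << 20, 100, 2


class ArchiveRejected(Exception):
    """The archive broke a limit; the caller should treat it as unscannable."""


def walk_archive(data, depth=0, prefix=""):
    """Yield (path, bytes) for each leaf file, enforcing limits while unpacking."""
    if depth > MAX_DEPTH:
        raise ArchiveRejected(f"nested deeper than {MAX_DEPTH}: {prefix}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ArchiveRejected(f"malformed archive: {exc}") from exc
    with zf:
        members = zf.infolist()
        if len(members) > MAX_MEMBERS:
            raise ArchiveRejected(f"too many members: {len(members)}")
        for info in members:
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Header fields are attacker-controlled: check what they declare...
            if info.file_size > MAX_MEMBER_BYTES:
                raise ArchiveRejected(f"declared size too large: {path}")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected(f"compression ratio too high: {path}")
            # ...then cap the bytes actually decompressed, in case they lie.
            with zf.open(info) as member:
                body = member.read(MAX_MEMBER_BYTES + 1)
            if len(body) > MAX_MEMBER_BYTES:
                raise ArchiveRejected(f"expanded past limit: {path}")
            if zipfile.is_zipfile(io.BytesIO(body)):
                yield from walk_archive(body, depth + 1, path + "!")
            else:
                yield path, body


def make_zip(files):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

`walk_archive` is a generator, so a rejection surfaces while iterating over it. Running this kind of unpacking in a separate low-privilege process limits what a flaw in the parsing code can reach.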

With antivirus vendors unable to keep up with the rate at which new malware threats emerge (see the recent .rtf-based malware for an example, even though it was a variant of a Bancos trojan), and with vulnerabilities associated with scanning compressed archives, end users seem to be in a difficult place: they are at risk if they don't use antivirus software, and they are at risk even if they do. That is certainly true, but regularly updated antivirus software is an important layer of any security model and should be in place on all systems.

1 June 2007
