Vulnerabilities within security solutions -- antivirus software in this case -- are a natural event, however, the conflict of interests and failure of communication between those finding them and those failing to acknowledge them as vulnerabilities in general, harms the customer. How they get count, and how is their severity measured in a situation where a vulnerability bypassing the scanning method of an antivirus software allowing malware to sneak in, is less important than a remote code execution through the antivirus software, is a good example of short sightedness. Here's a related development regarding a recent study regarding vulnerabilities in antivirus software - "McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position" :
"Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products :
“A recent ZDnet blog discusses a large number of vulnerabilities German research team N.Runs says it found in antimalware products from nearly every vendor. The ZDNet posting includes scary graphs to frighten users of security products. We researched the N.Runs claims by analyzing the raw data and found their claims to be somewhat exaggerated. We will discuss our findings (and make available our source data) in the attached document. We have also provided our source data for anyone who wishes to examine it.”
Today, n.runs AG has issued a response to McAfee’s statement, providing even more insights into the vulnerabilities they’ve managed to find, how they found them, and why are the affected antivirus vendors questioning the number of flaws in general."
Consider going through the interview with Thierry Zoller as well.
UPDATE: The folks at ThreatFire know how to appreciate my rhetoric.
Related posts:
Scientifically Predicting Software VulnerabilitiesZero Day Initiative "Upcoming Zero Day Vulnerabilities"
Delaying Yesterday's "0day" Security Vulnerability
Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Zero Day Vulnerabilities Market Model Gone Wrong
Zero Day Vulnerabilities Auction
The Zero Day Vulnerabilities Cash Bubble
Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Thursday, July 24, 2008
Vulnerabilities in Antivirus Software - Conflict of Interest
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment