Are Security Products a Security Risk?

"Approximately 800 vulnerabilities discovered in antivirus products"


http://blogs.zdnet.com/security/?p=1445


My antivirus solution Kaspersky is one of them... Sigh... :(
Ryan
7/21/2008 10:05:21 AM
grc.security

On Mon, 21 Jul 2008 18:05:21 +0800, Ryan Ernest S. Selda said:

> "Approximately 800 vulnerabilities discovered in antivirus products"
> 
> 
> http://blogs.zdnet.com/security/?p=1445
> 
> 
> My antivirus solution Kaspersky is one of them... Sigh... :(

This has already appeared here, on 8th July, in a thread entitled
"Approximately 800 vulnerabilities discovered in antivirus products"

I am not convinced. See

http://www.12078.com/groups/security:125887

This is just a rival AV company trying to generate sales.

-- 
Kiyomori
Kiyomori
7/21/2008 11:14:25 AM
On Mon, 21 Jul 2008 12:14:25 +0100, Kiyomori <fool@example.invalid>
wrote:

>This is just a rival AV company trying to generate sales.

May well be the case. But the message itself is valid enough. In fact,
this shouldn't really come as any surprise at all.
Root
7/21/2008 6:30:14 PM
I have listened to some discussion of this topic on "Pauldotcom Security
Podcast".  I have to think that this could potentially be a huge
problem, especially those IT guys that seem to rely on the
AV/AS/Anti-Malware products to protect their networks.  One comes to
mind, as he admins the network I use in the evenings, weekends and days off.

I realize that AV vendors and the media like to sensationalize, but one
real problem and it's all over for someone's data.  I gave up serious
coding years ago, because I just wasn't that good.  But, even great
coders make mistakes.  Having code reviewed by peers is a way to catch
some things, but even looking at 1000 lines of code can make people dizzy.
n3rvp4in
7/21/2008 7:20:10 PM
Ryan Ernest S. Selda wrote:
> "Approximately 800 vulnerabilities discovered in antivirus products"
> 
> 
> http://blogs.zdnet.com/security/?p=1445
> 
> 
> My antivirus solution Kaspersky is one of them... Sigh... :(

To me this kind of thing is a feather in the hat for layered security.
The pro-AV people like myself don't say AVs are perfect, only that
their imperfection is less of a threat than a relative NOOB not having one.

As a coder I doubt if there is any software out there without something
that can be leveraged as an attack. We just haven't found them all yet,
and they aren't always found before an attack like the problem with the
servers here at GRC. Imagine an army of bots each armed with a pan.
Dave
7/21/2008 7:44:17 PM
Dave Keays wrote:

> To me this kind of thing is a feather in the hat for layered security.
> The pro-AV people like myself don't say AVs are perfect, only that
> their imperfection is less of a threat than a relative NOOB not having one.
> 
> As a coder I doubt if there is any software out there without something
> that can be leveraged as an attack. We just haven't found them all yet,
> and they aren't always found before an attack like the problem with the
> servers here at GRC. Imagine an army of bots each armed with a pan.


[Nods...]
Ryan
7/22/2008 2:08:49 AM
Kiyomori wrote:

> This has already appeared here, on 8th July, in a thread entitled
> "Approximately 800 vulnerabilities discovered in antivirus products"


Ooops... Sorry for the double post I've made... I just didn't scan 
enough on the top pages of the newsgroup...


> I am not convinced. See
> 
> http://www.12078.com/groups/security:125887
> 
> This is just a rival AV company trying to generate sales.


I see... A bias sort of thing... :-/

Ryan
7/22/2008 2:20:42 AM