Is security software becoming a security risk?

"Due to bugs in antivirus software, the security suite becomes a risk
by itself, and adding multiple pieces of security software makes the
problem worse, not better "...

<http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html>
or
http://preview.tinyurl.com/2nkk9r

-- 
js
http://justheadlines.exofire.net
0
john
11/22/2007 9:24:12 PM
grc.security.software 15003 articles. 0 followers. Follow

5 Replies
1873 Views

Similar Articles

[PageSpeed] 54
Get it on Google Play
Get it on Apple App Store

john s. smith wrote:
> "Due to bugs in antivirus software, the security suite becomes a risk
> by itself, and adding multiple pieces of security software makes the
> problem worse, not better "...
> 
> <http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html>
> or
> http://preview.tinyurl.com/2nkk9r
> 

Interesting report:
http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf 

-- 
Sired, Squired, Hired, RETIRED.
0
Retired
11/22/2007 10:18:01 PM
On Fri, 23 Nov 2007 00:24:12 +0300, john s. smith <reply_here@.> wrote:

> "Due to bugs in antivirus software, the security suite becomes a risk by  
> itself, and adding multiple pieces of security software makes the  
> problem worse, not better "...
That was exactly my point of NOT depending on an AV for security.

Tony.

-- 
Properly read, the bible is the most potent force for atheism ever  
conceived.
0
Anthony
11/23/2007 9:20:18 PM
In grc.security.software, Anthony OZ wrote:

>On Fri, 23 Nov 2007 00:24:12 +0300, john s. smith <reply_here@.> wrote:
>
>> "Due to bugs in antivirus software, the security suite becomes a risk by  
>> itself, and adding multiple pieces of security software makes the  
>> problem worse, not better "...
>That was exactly my point of NOT depending on an AV for security.

I knew you'd like that one. :)

-- 
js
http://justheadlines.exofire.net
0
john
11/23/2007 9:32:19 PM
On Sat, 24 Nov 2007 00:32:19 +0300, john s. smith <reply_here@.> wrote:

> I knew you'd like that one. :)
I wonder why did you argue on it with me way back then?!
:)


Tony.

-- 
Properly read, the bible is the most potent force for atheism ever  
conceived.
0
Anthony
11/23/2007 9:39:01 PM
In grc.security.software, Anthony OZ wrote:

>On Sat, 24 Nov 2007 00:32:19 +0300, john s. smith <reply_here@.> wrote:
>
>> I knew you'd like that one. :)
>I wonder why did you argue on it with me way back then?!
>:)

Just because I post a link to an article doesn't necessarily mean I
agree with it's content. But...

There's never been any doubt in my mind that AV software can have (and
has had) vulnerabilities. Still, I choose to run an AV.

-- 
js
http://justheadlines.exofire.net
0
john
11/23/2007 10:41:37 PM
Reply:

Similar Artilces:

Software [In]Security: Twitter Security
Making Your Thoughts as Small and Incomplete as Possible Just for the record, I don't use Twitter. But if this column were a Twitter entry, it might read something like: http://www.informit.com/articles/article.aspx?p=1350268&cid=nl_DR_DAILY_T -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

F-Secure Readies Security Software For Linux
F-Secure Corp. on Tuesday unveiled security software for open-source Samba file servers and Linux, addressing a need that's growing within the enterprise market. The Finnish company announced the availability of antivirus software for Samba that automatically detects and removes viruses from files stored on the server. The new product is meant to protect all Samba-attached computers from malicious code that could enter the network from a Windows or Linux machine. Next month, F-Secure plans to ship a Linux version of F-Secure Policy Manager, which will extend centrally managed ...

Book Review: Software Security
I'm jealous. No seriously. If Cigital is actually ran as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security. I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Ying and Yang". Which makes total sense, since the book cover is of exactly that, ...

Security software to secure USB flash drives?
Hello, does anyone know of some software (preferably freeware that would password protect access to a USB flash drive?) Currentlty the drive I have is open wide as soon as it is plugged in. Any help would be appreciated. Paul -- Calculating in binary code is as easy as 01,10,11. Paul Jackson wrote: > Hello, > > does anyone know of some software (preferably freeware that would > password protect access to a USB flash drive?) > > Currentlty the drive I have is open wide as soon as it is plugged in. > > Any help would be appreciated. >...

What do security guards and computer security software have in common???
http://www.securitynewsportal.com/article.php?sid=920&mode=thread&order=0 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" ...

Open software, secure software
Monday, 1 March 2004, 1:51 PM CET Fifty-plus years ago Grace Hopper used her experiences with programming the UNIVAC with FLOW-MATIC (an open-source project) to write her first compiler paper and the modern era of computing programming began. Some would also say that things haven't improved much since her day. Indeed, the National Institute of Standards and Technology (NIST) estimated that in 2001 $59.5 billion annually, about 0.6 percent of the gross domestic product was being lost because of software bugs. The Sustainable Computing Consortium (SCC), an academic, gove...

Are Security Products a Security Risk?
"Approximately 800 vulnerabilities discovered in antivirus products" http://blogs.zdnet.com/security/?p=1445 My antivirus solution Kaspersky is one of them... Sigh... :( On Mon, 21 Jul 2008 18:05:21 +0800, Ryan Ernest S. Selda said: > "Approximately 800 vulnerabilities discovered in antivirus products" > > > http://blogs.zdnet.com/security/?p=1445 > > > My antivirus solution Kaspersky is one of them... Sigh... :( This has already appeared here, on 8th July, in a thread entitled "Approximately 800 vulnerabilities discove...

Securing Windows: Inside Microsoft's Battle to Deliver Secure Software
Securing Windows: Inside Microsoft's Battle to Deliver Secure Software http://www.eweek.com/category2/0,4148,1252525,00.asp (A record of virus/worms/holes since August 2003 and how Microsoft has battled them) -- Kayode Okeyode http://www.kayodeok.co.uk/weblog/ http://www.kayodeok.btinternet.co.uk/favorites/webdesign.htm ...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...

Web resources about - Is security software becoming a security risk? - grc.security.software

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Security is a major concern for cloud migrations
When it comes to migrating to the cloud, 65 percent of companies are concerned with security, a new survey by Netwrix has unveiled. Moreover, ...

The biggest security mistakes people make with online banking
Living in a technically advanced world leaves us vulnerable any time we go online. That's especially true with online banking. Adam Levin, author ...

UNC lifts brief security alert
The University of North Carolina at Chapel Hill says that a report of an armed person on or near campus was unsubstantiated.

Toy Maker VTech Hires Cyber Forensic Team To Help Beef Up Security After Data Breach
... reportedly exposing many of their photos and chat logs, the Hong Kong-based company says it’s bringing in the pros to help shore up its security. ...

Police Open Investigation Into Security Guard Who Choked Out NFL Fan
Police Open Investigation Into Security Guard Who Choked Out NFL Fan

Homeland Security will hack you if asked nicely
With how many data breaches companies have suffered as of late it makes sense that the Department of Homeland Security is starting to do its ...

Resources last updated: 12/3/2015 5:56:34 PM