Are Security Products a Security Risk?

"Approximately 800 vulnerabilities discovered in antivirus products"


http://blogs.zdnet.com/security/?p=1445


My antivirus solution Kaspersky is one of them... Sigh... :(

On Mon, 21 Jul 2008 18:05:21 +0800, Ryan Ernest S. Selda said:

> "Approximately 800 vulnerabilities discovered in antivirus products"
> 
> 
> http://blogs.zdnet.com/security/?p=1445
> 
> 
> My antivirus solution Kaspersky is one of them... Sigh... :(

This has already appeared here, on 8th July, in a thread entitled
"Approximately 800 vulnerabilities discovered in antivirus products"

I am not convinced. See

http://www.12078.com/groups/security:125887

This is just a rival AV company trying to generate sales.

-- 
Kiyomori

On Mon, 21 Jul 2008 12:14:25 +0100, Kiyomori 
wrote:

>This is just a rival AV company trying to generate sales.

May well be the case. But the message itself is valid enough. In fact,
this shouldn't really come as any surprise at all.

I have listened to some discussion of this topic on "Pauldotcom Security
Podcast".  I have to think that this could potentially be a huge
problem, especially those IT guys that seem to rely on the
AV/AS/Anti-Malware products to protect their networks.  One comes to
mind, as he admins the network I use in the evenings, weekends and days off.

I realize that AV vendors and the media like to sensationalize, but one
real problem and its all over for someone's data.  I gave up serious
coding years ago, because I just wasn't that good.  But, even great
coders make mistakes.  Having code reviewed by peers is a way to catch
some things, but even looking at 1000 lines of code can make people dizzy.

Ryan Ernest S. Selda wrote:
> "Approximately 800 vulnerabilities discovered in antivirus products"
> 
> 
> http://blogs.zdnet.com/security/?p=1445
> 
> 
> My antivirus solution Kaspersky is one of them... Sigh... :(

To me this kind of thing is a feather in the hat for layered security.
The pro-AV people like myself don't say AV's are perfect, only that
their imperfection is less of a threat than a relative NOOB not having one.

As a coder I doubt if there is any software out there without some thing
that can be leveraged as an attack. We just haven't found them all yet,
and they aren't always found before an attack like the problem with the
servers here at GRC. Imagine an army of bots each armed with a pan.

Dave Keays wrote:

> To me this kind of thing is a feather in the hat for layered security.
> The pro-AV people like myself don't say AV's are perfect, only that
> their imperfection is less of a threat than a relative NOOB not having one.
> 
> As a coder I doubt if there is any software out there without some thing
> that can be leveraged as an attack. We just haven't found them all yet,
> and they aren't always found before an attack like the problem with the
> servers here at GRC. Imagine an army of bots each armed with a pan.


[Nods...]

Kiyomori wrote:

> This has already appeared here, on 8th July, in a thread entitled
> "Approximately 800 vulnerabilities discovered in antivirus products"


Ooops... Sorry for the double post I've made... I just didn't scan 
enough on the top pages of the newsgroup...


> I am not convinced. See
> 
> http://www.12078.com/groups/security:125887
> 
> This is just a rival AV company trying to generate sales.


I see... A bias sort of thing... :-/