Every anti-virus scanner on the market compromised by critical vulnerabilities
By Davey Winder
Tuesday, 08 July 2008 05:27
Page 1 of 2
"During the past few months" the press release from German security outfit n.runs AG warns "specialists from n.runs AG, along with other security experts, have discovered approximately 800 vulnerabilities in anti-virus products." Now that is guaranteed to get anyone's attention.
So how do they come up with what would be a hugely damaging statistic to the security industry as a whole, were it proven to be true?
Security consultant and cyber threats analyst Dancho Danchev reveals that the research cited by n.runs AG is based partly upon Secunia Advisory tracking specifically of anti-virus applications. There is also an element of research from the University of Michigan which looked at the severity of vulnerabilities product by product.
Worryingly, the figures look like having some basis in truth. Danchev quotes a research paper by Feng Xue that was presented at the Blackhat Europe forum earlier this year. "According to the U.S national vulnerability database, 165 vulnerabilities within antivirus products have been reported during the last 4 years" Danchev says.
n.runs AG, meanwhile, concludes that "The tests performed by the consulting company and solutions developer n.runs have indicated that every virus scanner currently on the market immediately revealed up to several highly critical vulnerabilities. Contrary to their actual function, the products open the door to attackers, enable them to penetrate company networks and infect them with destructive code. The positioning of anti-virus software in central areas of the company now poses an accordingly high security risk."
What is parsing and why is it at the heart of the anti-virus scanner security debate? Read on to find out...
CONTINUED
IT Institute industry certifications earn you credit towards our MBA or Master Degree qualification with Charles Sturt University. Click 
