Every anti-virus scanner on the market compromised by critical vulnerabilities

Davey Winder
Tuesday, 08 July 2008 06:27

Business IT - Security

The company lays most of the blame for this bizarre state of affairs, where the security solution has seemingly become part of the security problem, squarely at the door of parsing. "The principle functions as follows: virus scanners must recognise as many "Malware" applications as possible – and thereby comprehend and process a large number of file formats" n.runs AG says.

In order to interpret these formats the application must partition the file into blocks and structures, a separation of data known as parsing. "Mistaken assumptions in the course of programming the parsing code create constellations which enable the infiltration and subsequent running of programme code" n.runs warns, adding "the quick reactions time expected by developers (regarding threats) contributes to a decrease in the quality of the code."

In other words, the more parsing that occurs, the higher the malware recognition but equally the larger the attack surface. And there lies the rub, the larger that attack surface the greater the target the anti-virus solution becomes. I suspect that it will not take long for the assorted security vendors whose applications have been comprehensively dismissed as "opening the door to attackers" to arrive with a counter argument. Let's hope it is a good one...