Tuesday, 08 July 2008 05:27

Every anti-virus scanner on the market compromised by critical vulnerabilities

More than 800 vulnerabilities have been uncovered within anti-virus products, and every virus scanner currently on the market has at least one highly critical vulnerability. That is the controversial claim of one security vendor, which concludes that anti-virus software, far from protecting the network, throws the doors wide open to attackers...

"During the past few months," the press release from German security outfit n.runs AG warns, "specialists from n.runs AG, along with other security experts, have discovered approximately 800 vulnerabilities in anti-virus products." Now that is guaranteed to get anyone's attention.

If not for the relevancy of the information, then at least for the sheer chutzpah in distributing a release making such a claim. After all, n.runs AG has its own anti-virus solution to sell. It is not clear if n.runs AG is including its own Application Protection System Anti-Virus (aps-AV) solution in the 'every virus scanner on the market is vulnerable' statement, but you have to assume it is not.

So how do they come up with what would be a hugely damaging statistic to the security industry as a whole, were it proven to be true?

Security consultant and cyber threats analyst Dancho Danchev reveals that the research cited by n.runs AG is based partly upon Secunia Advisory tracking specifically of anti-virus applications. There is also an element of research from the University of Michigan which looked at the severity of vulnerabilities product by product.

Worryingly, the figures appear to have some basis in truth. Danchev quotes a research paper by Feng Xue that was presented at the Blackhat Europe forum earlier this year. "According to the U.S. national vulnerability database, 165 vulnerabilities within antivirus products have been reported during the last 4 years," Danchev says.

n.runs AG, meanwhile, concludes that "The tests performed by the consulting company and solutions developer n.runs have indicated that every virus scanner currently on the market immediately revealed up to several highly critical vulnerabilities. Contrary to their actual function, the products open the door to attackers, enable them to penetrate company networks and infect them with destructive code. The positioning of anti-virus software in central areas of the company now poses an accordingly high security risk."

What is parsing and why is it at the heart of the anti-virus scanner security debate? Read on to find out...


The company lays most of the blame for this bizarre state of affairs, where the security solution has seemingly become part of the security problem, squarely at the door of parsing. "The principle functions as follows: virus scanners must recognise as many 'Malware' applications as possible – and thereby comprehend and process a large number of file formats," n.runs AG says.

In order to interpret these formats, the application must partition the file into blocks and structures, a separation of data known as parsing. "Mistaken assumptions in the course of programming the parsing code create constellations which enable the infiltration and subsequent running of programme code," n.runs warns, adding, "the quick reaction time expected by developers (regarding threats) contributes to a decrease in the quality of the code."

In other words, the more parsing that occurs, the higher the malware recognition but equally the larger the attack surface. And there lies the rub: the larger that attack surface, the greater the target the anti-virus solution becomes. I suspect that it will not take long for the assorted security vendors whose applications have been comprehensively dismissed as "opening the door to attackers" to arrive with a counter argument. Let's hope it is a good one...
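To make the "mistaken assumptions" in parsing code concrete, here is an added example (not from the article, n.runs or any vendor's scanner): a C block walker in which each assumption a parser tends to make about a file is turned into an explicit check. The container format, function names and sample bytes are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed format for this example: each block is
 * 1-byte type | 4-byte little-endian payload length | payload. */
#define HDR_LEN  5u
#define MAX_NAME 16u
enum { PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };
/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[]        = {1, 3,0,0,0, 'a','b','c', 2, 0,0,0,0};
static const uint8_t SAMPLE_LYING_LEN[] = {1, 0xff,0xff,0xff,0xff, 'a'};
static const uint8_t SAMPLE_TRUNC_HDR[] = {2, 0,0,0,0, 1, 3};
static const uint8_t SAMPLE_LONG_NAME[HDR_LEN + 17] = {1, 17,0,0,0};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk all blocks, copying the type-1 ("name") payload into name_out.
 * Returns the block count, or a negative PARSE_* code on malformed input. */
int scan_blocks(const uint8_t *buf, size_t len, char name_out[MAX_NAME + 1]) {
    size_t off = 0;
    int blocks = 0;
    name_out[0] = '\0';
    while (off < len) {
        if (len - off < HDR_LEN) return PARSE_TRUNCATED;   /* "a full header always follows" */
        uint8_t type = buf[off];
        uint32_t plen = rd_le32(buf + off + 1);
        off += HDR_LEN;
        /* "The declared length fits the file": compare with the bytes left,
         * because computing off + plen first can wrap on a 32-bit size_t. */
        if (plen > len - off) return PARSE_BAD_LENGTH;
        if (type == 1) {
            if (plen > MAX_NAME) return PARSE_BAD_LENGTH;  /* "names fit my buffer" */
            memcpy(name_out, buf + off, plen);
            name_out[plen] = '\0';
        }
        off += plen;
        blocks++;
    }
    return blocks;
}

int main(void) {
    char name[MAX_NAME + 1];
    printf("ok=%d\n", scan_blocks(SAMPLE_OK, sizeof SAMPLE_OK, name));
    printf("lying=%d\n", scan_blocks(SAMPLE_LYING_LEN, sizeof SAMPLE_LYING_LEN, name));
    return 0;
}
```

Every file format a scanner understands needs its own set of checks like these, which is why the attack surface grows with format coverage.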
