Insecurity in security software, presented at Virus Bulletin 2005

by Andreas Marx


Summary: Data security software and, in particular, AV programs are widely deployed throughout companies, organizations, and private homes. Without this protection, users are at high risk of malware infection. But what happens when the protective software becomes the vector for compromise? In the first part of 2005, several security vulnerabilities - especially buffer overflows - were discovered in a wide range of security products. Both open source software such as ClamAV and commercial tools from Symantec, F-Secure, Trend Micro, and Computer Associates have been affected. In this paper, we discuss the additional risk of infection caused by these vulnerabilities in AV and other security software, including how this risk can be reduced by the developers and by the users of the products.