Vulnerabilities in Antivirus Software - Conflict of Interest
2008-07-24 04:38:07 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
 
Vulnerabilities within security solutions -- antivirus software in this case -- are a natural event. However, the conflict of interest and the failure of communication between those finding them and those failing to acknowledge them as vulnerabilities in general harm the customer. How they get counted, and how their severity is measured in a situation where a vulnerability that bypasses the scanning method of antivirus software, allowing malware to sneak in, is treated as less important than remote code execution through the antivirus software, is a good example of shortsightedness. Here's a related development concerning a recent study of vulnerabilities in antivirus software - "McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position" :

"Several days after blogging about research conducted by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products :

“A recent ZDnet blog discusses a large number of vulnerabilities German research team N.Runs says it found in antimalware products from nearly every vendor. The ZDNet posting includes scary graphs to frighten users of security products. We researched the N.Runs claims by analyzing the raw data and found their claims to be somewhat exaggerated. We will discuss our findings (and make available our source data) in the attached document. We have also provided our source data for anyone who wishes to examine it.”

Today, n.runs AG has issued a response to McAfee’s statement, providing even more insights into the vulnerabilities they’ve managed to find, how they found them, and why the affected antivirus vendors are questioning the number of flaws in general."

Consider going through the interview with Thierry Zoller as well.

Related posts:
0bay - how realistic is the market for security vulnerabilities?
Was the WMF vulnerability purchased for $4000?!
Where's my 0day, please?
Scientifically Predicting Software Vulnerabilities
Zero Day Initiative "Upcoming Zero Day Vulnerabilities"
Delaying Yesterday's "0day" Security Vulnerability
Shaping the Market for Security Vulnerabilities Through Exploit Derivatives
Zero Day Vulnerabilities Market Model Gone Wrong
Zero Day Vulnerabilities Auction
The Zero Day Vulnerabilities Cash Bubble
 
 
 
 
 
 