Welcome to WebmasterWorld Guest from 54.145.221.99

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Security Researcher Discovers Critical Vulnerabilities in Antivirus Product

   
10:51 pm on Nov 6, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.

Ormandy, who works as an information security engineer at Google, disclosed details about the vulnerabilities he found in a research paper entitled “Sophail: Applied attacks against Sophos Antivirus” that was published on Monday. Ormandy noted that the research was performed in his spare time and that the views expressed in the paper are his own and not those of his employer.
Security Researcher Discovers Critical Vulnerabilities in Antivirus Product [pcworld.com]
2:20 pm on Nov 10, 2012 (gmt 0)

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I read this, and I had trouble establishing just how risky these security problems are. Did you have better luck?
8:54 am on Nov 11, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Skimming it: It introduces multiple buffer overflow vulnerabilities AND removes the protection against overflows in Windows Vista and above. It also makes IE a lot more vulnerable to XSS.

These issues have been fixed, but given they have messed up so badly, would you trust them to secure your OS again?