Welcome to WebmasterWorld Guest from 54.146.211.211

Forum Moderators: incrediBILL & lawman

Message Too Old, No Replies

Security Researcher Discovers Critical Vulnerabilities in Antivirus Product

     
10:51 pm on Nov 6, 2012 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:22318
votes: 240


Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.

Ormandy, who works as an information security engineer at Google, disclosed details about the vulnerabilities he found in a research paper entitled “Sophail: Applied attacks against Sophos Antivirus” that was published on Monday. Ormandy noted that the research was performed in his spare time and that the views expressed in the paper are his own and not those of his employer.
Security Researcher Discovers Critical Vulnerabilities in Antivirus Product [pcworld.com]
2:20 pm on Nov 10, 2012 (gmt 0)

Senior Member from MY 

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 1, 2003
posts:4847
votes: 0


I read this, and I had trouble establishing just how risky these security problems are. Did you have better luck?
8:54 am on Nov 11, 2012 (gmt 0)

Senior Member from LK 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2419
votes: 17


Skimming it: It introduces multiple buffer overflow vulnerabilities AND removes the protection against overflows in Windows Vista and above. It also makes IE a lot more vulnerable to XSS.

These issues have been fixed, but given they have messed up so badly, would you trust them to secure your OS again?