Are antivirus applications as vulnerable to attacks as regular computer programs? Not really, but they aren't totally safe either. A researcher from COSEINC looked for security flaws in 17 of the most important antivirus engines. The study revealed that 14 of them have local or remote flaws that could be exploited by attackers. Among many others, well-known names like Avira, AVG, Avast, Bitdefender, Comodo, ESET and Panda were deemed unsafe by the researcher.
Based in Singapore, COSEINC is a respected IT company that specializes in information security. John Koret, the researcher who conducted the study, said that he found a wide variety of vulnerabilities, such as denial of access, heap overflow, buffer issues, etc. Although there were a lot of rumors circulating around this subject, this is the first study on the matter that was actually made public.
From John Koret's perspective, several factors cause the vulnerabilities in antivirus programs. According to the researcher, most security applications are written in C or C++, which isn't safe, as it can lead to buffer overflows, integer overflows, and more. Another issue comes from the high privileges that antivirus programs require: when exploited, these applications give the attacker administrator/root rights. Furthermore, updates delivered over the HTTP protocol make the programs susceptible to "man-in-the-middle" schemes. For more information you can read the published study here.
This type of news seems to be becoming a regular occurrence. Just yesterday, a report circulating on the Internet stated that Offensive Security found three zero-day flaws in Symantec Endpoint Protection. These flaws would allow users to easily move to a higher access level. Symantec officials said that they are aware of the situation and are currently investigating.