According to a presentation at the SyScan 360 security conference, antivirus software and other security products have security flaws just like every other piece of software on the planet. To some of us, that does not come as a big surprise.
The researcher, Joxean Koret, tested a number of security products and found issues with many of them. The issues ranged from denial-of-service attacks to the ability to execute arbitrary code.
Antivirus products often run with the highest system privileges possible. Many of them are also huge, and the larger any piece of software is, the more opportunity there is for security holes.
Ben Williams, another security researcher, tested a variety of security products including web and email security gateways, firewalls, remote access servers and others. He says the results were not great.
Security software has to be able to read hundreds of file formats. That requires lots of code – which is one reason that the software has such a large attack surface. More than likely, the security company did not write all of this code itself, but rather licensed it from many different companies. Integrating code from many different vendors adds complexity to the application. Add the fact that the software is running with the highest system privileges, and you can see how this could present a problem.
Joxean thinks that vendors should find and fix problems themselves – or if not, pay security researchers who do find holes – so he has not disclosed all the bugs he found to the vendors.
According to an article in Network World, some of the vendors were informed and fixed the holes they were told about.
What didn’t he tell them and what holes still exist? Good question.