Sunday, November 25, 2007 11:00 am PST
Is the software we use to protect ourselves from online attacks becoming a liability?
That's what Thierry Zoller believes. For the past two years, the security engineer at n.runs AG has taken a close look at the way antivirus software inspects e-mail traffic, and he believes that companies that try to improve security by checking data with more than one antivirus engine may actually be making things worse. Why? Because bugs in the "parser" code used to analyze different file formats can easily be exploited by attackers, so increasing your use of antivirus software increases the opportunities for a successful attack.
Antivirus software must open and inspect data in hundreds, if not thousands, of file formats. One bug in the code that does this can lead to a serious security breach.
Zoller and his colleagues have been looking into this issue for the past two years, and they've found more than 80 parser bugs in antivirus software, most of which have not yet been patched.
The flaws they've found affect every major antivirus vendor, and many of them could let attackers run unauthorized code on a victim's system, Zoller said.
"People believe that putting one AV engine after another is somehow defense in depth. They believe that if one engine doesn't catch the worm, the other will catch it," he said. "You haven't decreased your attack surface; you've increased it, because every AV engine has bugs."
Although attackers have exploited parsing bugs in browsers for years now, with some success, Zoller believes that because antivirus software runs everywhere, and often with greater administrative rights than the browser, these flaws could lead to even greater problems in the future.
The bottom line, he says, is that antivirus software is broken. "One e-mail and boom, you're gone," he said.
Research into parsing bugs has been spurred by a heightened focus in recent years on "fuzzing" software, which researchers use to flood a program with a stream of invalid data to see whether it can be made to crash. This is often the first step toward discovering a way of running unauthorized software on a victim's machine.
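The two points above, a file-format parser that trusts a length field from the scanned file (the class of bug Zoller describes) and the fuzzing used to find such bugs, can be shown on a toy format. The following is an added example written for this page, not code from n.runs or from any antivirus product. The "TOYA" container format, its buffer sizes, the parser functions and the sample file are all constructed here for illustration; the mutation fuzzer is a deliberately minimal stand-in for the tools the article mentions.

```c
/* Toy container format (constructed for this example; not a real AV or archive format):
 *   magic "TOYA" | u16 name_len | name[name_len] | u32 data_len | data[data_len]
 * Both lengths are little-endian and come from the attacker-controlled file. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32
enum { PARSE_OK = 0, PARSE_ERR = -1 };

struct record { char name[NAME_BUF]; uint32_t data_len; const uint8_t *data; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable parser: trusts name_len. A file with name_len >= NAME_BUF overflows
 * `name` on the stack of whoever called us, and data_len is never checked against
 * the input size either. Never call this on untrusted input. */
int parse_record_vulnerable(const uint8_t *buf, size_t len, struct record *out) {
    if (len < 6 || memcmp(buf, "TOYA", 4) != 0) return PARSE_ERR;
    uint16_t name_len = rd16(buf + 4);
    memcpy(out->name, buf + 6, name_len);      /* BUG: unbounded copy */
    out->name[name_len] = '\0';                /* BUG: writes past buffer */
    out->data_len = rd32(buf + 6 + name_len);  /* BUG: may read past input */
    out->data = buf + 10 + name_len;
    return PARSE_OK;
}

/* Hardened parser: every length is checked against both the destination buffer
 * and the bytes remaining in the input before any copy or read happens. */
int parse_record(const uint8_t *buf, size_t len, struct record *out) {
    if (len < 6 || memcmp(buf, "TOYA", 4) != 0) return PARSE_ERR;
    size_t off = 4;
    uint16_t name_len = rd16(buf + off); off += 2;
    if (name_len >= NAME_BUF) return PARSE_ERR;    /* leave room for the NUL */
    if (name_len > len - off) return PARSE_ERR;    /* name must lie inside input */
    memcpy(out->name, buf + off, name_len);
    out->name[name_len] = '\0';
    off += name_len;
    if (len - off < 4) return PARSE_ERR;           /* need a full data_len field */
    uint32_t data_len = rd32(buf + off); off += 4;
    if (data_len > len - off) return PARSE_ERR;    /* data must lie inside input */
    out->data_len = data_len;
    out->data = buf + off;
    return PARSE_OK;
}

/* Build a well-formed sample file; returns its size, or 0 if it does not fit. */
size_t build_sample(uint8_t *out, size_t cap, const char *name, const uint8_t *data, uint32_t data_len) {
    size_t name_len = strlen(name), need = 6 + name_len + 4 + data_len;
    if (need > cap || name_len > 0xFFFF) return 0;
    memcpy(out, "TOYA", 4);
    out[4] = (uint8_t)(name_len & 0xff); out[5] = (uint8_t)(name_len >> 8);
    memcpy(out + 6, name, name_len);
    uint8_t *p = out + 6 + name_len;
    p[0] = (uint8_t)data_len; p[1] = (uint8_t)(data_len >> 8);
    p[2] = (uint8_t)(data_len >> 16); p[3] = (uint8_t)(data_len >> 24);
    memcpy(p + 4, data, data_len);
    return need;
}

struct fuzz_stats { unsigned accepted, rejected, violations; };

/* Minimal mutation fuzzer: overwrite one byte of a valid seed per iteration
 * (xorshift32 PRNG, so runs are reproducible) and check the hardened parser's
 * postcondition: whatever it accepts, the pointers it returns stay inside the input. */
struct fuzz_stats fuzz_parser(const uint8_t *seed, size_t seed_len, unsigned iterations) {
    struct fuzz_stats st = {0, 0, 0};
    uint8_t buf[256];
    uint32_t rng = 0x9E3779B9u;
    if (seed_len == 0 || seed_len > sizeof buf) return st;
    for (unsigned i = 0; i < iterations; i++) {
        memcpy(buf, seed, seed_len);
        rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
        buf[rng % seed_len] = (uint8_t)(rng >> 8);   /* often hits a length field */
        struct record rec;
        if (parse_record(buf, seed_len, &rec) != PARSE_OK) { st.rejected++; continue; }
        st.accepted++;
        if (rec.data + rec.data_len > buf + seed_len || strlen(rec.name) >= NAME_BUF) st.violations++;
    }
    return st;
}

int main(void) {
    uint8_t file[64];
    size_t n = build_sample(file, sizeof file, "report.doc", (const uint8_t *)"hello", 5);
    struct fuzz_stats st = fuzz_parser(file, n, 2000);
    printf("accepted=%u rejected=%u violations=%u\n", st.accepted, st.rejected, st.violations);
    return st.violations != 0;
}
```

The hardened version rejects a file whose name_len claims 200 bytes, which the vulnerable version would copy straight onto the stack of the scanning engine. Note that a scanner must get this right for every one of the hundreds of formats it understands, which is why the fuzzer is run against the parser rather than trusting a code review of it.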
A parsing bug in the way the iPhone processed .tiff graphics files was used recently to bypass Apple's strict controls over what software may be installed on the device.
Zoller says he has been criticized by his peers in the security industry for "questioning the very glue that holds IT security all together," but he believes that by bringing this issue to the forefront, the industry will be forced to address a very real security problem.
Between 2002 and 2005, nearly half of the vulnerabilities discovered in antivirus software were remotely exploitable, meaning that attackers could launch their attacks from anywhere on the Internet. Nowadays, that percentage is close to 80 percent, he said.
Zoller's company sees a business opportunity here. N.runs, based in Oberursel, Germany, is building a product that will help protect antivirus software from the kind of parsing attacks he has documented.
Peter Cooper, a senior scientist with Verizon Business, had some criticism of the n.runs work. "The research almost looks to be goading criminals into 'getting better' at attacking vulnerabilities ... hardly helpful," he said via instant message. "There's no doubt that the list of vulnerabilities they have already published in security products looks daunting. However, historically, we have not seen this type of vulnerability exploited."
Though Cooper agrees that antivirus file-parsing vulnerabilities do present a risk, he said there are several reasons they have not yet been the focus of widespread criminal attacks. For one, criminals are already being effective enough with their current tactics, such as sending malicious e-mail attachments. A second reason is that security software tends to get more scrutiny, meaning that any vulnerability being exploited would be quickly patched, and that any criminal involved in an exploit would be more likely to be caught.
Security vendors have long known about vulnerabilities in their software, said eEye Digital Security's chief technology officer. "Security software is just as vulnerable as any other software," he said via instant message. "We all hire the same developers that went to the same colleges and learned the same bad habits."