Trend Micro, Zone Labs, ClamAV join list of insecure security products

Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.

The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege escalation or denial-of-service conditions.

http://blogs.zdnet.com/security/?p=466

It looks like they could do with our Comodo Memory Guardian :wink:

Melih

Agreed! Trouble abounds with Trend Micro, as per this article that appears on The Register today:

Hackers prowl for Trend Micro vuln • The Register

Hey, you forgot to add Comodo to the (magic packet) list

I will not even go into the “winlogon.exe” incident,
just say that makers of security software may not be the right ones
to point fingers at other vendors’ products?

Buffer overflow problems are apparently relatively common, especially when people rush the coding process (probably because users are banging on their doors, demanding the next release, lol). These can lead to some serious vulnerabilities.

The Comodo registry issue reported by Matousec, as I understand it, can only be exploited from the inside of the machine; not the outside. This does put it in a different classification of vulnerability, IMO.

The winlogon.exe incident was certainly a debacle; happening again because of the process being rushed. BOC has had a number of such as well (perhaps not that severe, but it did recently want to delete several system files). And don’t forget that all the previous BOC versions were dropped and a new one released, due to some buffer overflow problems that were discovered - problems which existed back into BOC’s past, but not discovered.

I don’t think there’s any software that doesn’t come out with various issues; security or otherwise. Certainly security softwares are a target just by the nature of what they’re trying to do. And they’re all in a tough spot; trying to quickly address issues and get products to their customers, without creating problems with the products they’re delivering. Then once problems are discovered, getting those addressed while still continuing to provide updates/upgrades to remain competitive. Then you’ve got testing companies & media blitzes that focus on all the errors/bugs/vulnerabilities in the various applications, without any standardized field of testing. I imagine that’s very frustrating for the vendors…

LM

Then you’ve got testing companies & media blitzes that focus on all the errors/bugs/vulnerabilities in the various applications

By all good intentions, Testing Companies should be testing these products for vulnerabilities and broadcasting the problems that abound in the vendors’ software to no end, especially when the End User is paying hefty renewal fees to ensure the highest level of protection whilst connected to the internet. Would you not agree, Little Mac?

To some degree, yes. Things like Matousec’s are good insofar as they report actual problems like the one gordon linked in. Most don’t, however. They just run various “security” tests without any standard protocols, and then slap a label on the product (whatever their particular label might happen to be) - This one’s bad, this one’s good, this one paid us a lot of $$ to say it’s good, etc. That’s the type of testing I’m referring to - where there’s no documentation, no standardization, and so on.

Matousec, again, seem to try very hard to document everything they do. Their leaktests are obviously biased toward products with some sort of HIPS capabilities; so far that has worked well for Comodo. Their vulnerability testing does not seem to have any bias; if anything they are quite diligent to rip apart every product they come across. The only problem I have with that aspect of their work is that they’ll say a firewall is the best (such as Comodo) but turn around and say that they cannot recommend it to be used. Then they take another firewall (I think they said this about Kaspersky), rip it apart for its vulnerabilities and then turn around and say they recommend it as the best overall.

There are a lot of shysters out there doing so-called “testing” of products and reporting in various types of media blitzes a lot of unverifiable stats about security applications. The generally ignorant public reads these “respected” reports and their opinion of what may actually be a good product is swayed away from that and towards a different, “highly recommended” product.

LM

Hey, we use CMG to protect ourselves! :slight_smile: They don’t!

Melih