German IT consultancy N.runs has warned that antivirus products can actually open the door to attackers, enabling them to penetrate company networks and load destructive code..
Security specialists from the company claim to have discovered approximately 800 vulnerabilities in antivirus products during the past few months.
N.runs said that every virus scanner currently on the market has several highly critical flaws which could pave the way for denial-of-service attacks and enable the infiltration of destructive code past the security solution into the network.
The company said that 'parsing' is one of the main causes of this problem. In this case virus scanners must recognise as many malware applications as possible, and so must comprehend and process a large number of file formats.
In order to be able to interpret the formats, an application must partition the corresponding file into blocks and structures.
But N.runs said that mistaken assumptions in the course of programming the parsing code create constellations which enable the infiltration and subsequent running of programme code.
"In short, the more parsing that takes place, the higher the recognition rate and the degree of protection from destructive software, but at the same time the larger the attack surface which makes the antivirus product itself a target," said N.runs.
"Systematic industrial espionage, along with the interruption of all email communication, are two of the possible consequences."
The company has developed its Application Protection System AntiVirus in order to complete companies' IT security infrastructure by using multiple engines to overlap security.
Antivirus tools 'pave way' for malware
By Clement James on Jul 1, 2008 5:41AM