Language Selection

English French German Italian Portuguese Spanish

Security tools face increased attack

Filed under
Security

Software makers of ubiquitous anti-virus products have not yet been forced to acknowledge and fix potential problems in their code, analysts with Yankee Group wrote in a research paper published Monday in the US. As a result, antivirus software is like low-hanging fruit to hackers, according to the analysts.

Microsoft's Windows operating system has been a favorite target of hackers, but new security flaws are being discovered in security products at a faster rate than in Microsoft's products, the analysts wrote. In the 15-month period ending March 31, 77 separate vulnerabilities have been reported by security vendors, they wrote.

Symantec, F-Secure and CheckPoint Software Technologies are among the vendors that have seen a rise in the number of security issues that affect their products in the past years, according to Yankee Group.

If the trend continues, the number of vulnerabilities for security products will be 50 percent higher than 2004 levels, according to the analysts. While Microsoft flaws continue to flow, the rate has decreased notably, according to the analysts. They credit the release last year of Windows XP Service Pack 2, a security-focused update.

Yankee Group predicts a "rising tide" of vulnerabilities will be found in security products. Software makers should look at their security processes, and users need to get ready to patch security products, the analysts wrote. Also, buyers should ask tough security questions when buying new products, they advise.

Source.

More in Tux Machines

Leftovers: Gaming

Leftovers: Software

today's howtos

ACPI, kernels and contracts with firmware

This ends up being a pain in the neck in the x86 world, but it could be much worse. Way back in 2008 I wrote something about why the Linux kernel reports itself to firmware as "Windows" but refuses to identify itself as Linux. The short version is that "Linux" doesn't actually identify the behaviour of the kernel in a meaningful way. "Linux" doesn't tell you whether the kernel can deal with buffers being passed when the spec says it should be a package. "Linux" doesn't tell you whether the OS knows how to deal with an HPET. "Linux" doesn't tell you whether the OS can reinitialise graphics hardware. Read more