Is there anything to fear in the world of information technology (IT) security? For many years, McAfee, Symantec, and other antivirus software manufacturers have tirelessly helped companies keep their networks safe from attacks by viruses, Trojans, and other types of malicious code that can cause significant damage. However, the “knights of computer protection” have now found themselves in a position where their security software is no longer sufficient to defend against attacks, and these very programs can be exploited to attack users.
Recently discovered security vulnerabilities in security software from McAfee, Symantec, and Trend Micro allow hackers to take control of computers. Although most antivirus software is distributed as downloads, which makes it hard for hackers to get at the code of these programs, these flaws have raised concerns about the security response strategies of the antivirus industry. They also present a new opportunity for Microsoft to enter the security market.
Earlier this week, Symantec officially disclosed that its antivirus library is vulnerable to attack through a buffer overflow flaw. Hackers can exploit this vulnerability to take control of computers running products built on this library. The flaw affects a range of Symantec products, including Symantec Norton SystemWorks, Symantec Norton Internet Security, Symantec Norton AntiVirus, Symantec Gateway Security, Brightmail Anti-Spam, and Symantec Client Security.
Security researcher Alex Wheeler was the first to report the flaw in Symantec’s security products. In fact, back in February, while still a member of the X-Force research team at Internet Security Systems, a Symantec competitor, Wheeler discovered the flaw in the antivirus library affecting Brightmail AntiSpam, AntiVirus Corporate Edition, and other Symantec products. The flaw lies in the DEC2EXE module, a scanning-engine component that unpacks files compressed with the Ultimate Packer for eXecutables (UPX); a crafted compressed file can trigger a buffer overflow in it.
While Symantec has been patching the vulnerabilities in its products, competitor McAfee also officially alerted users this week that a series of its antivirus software versions contain an “arbitrary file overwrite” vulnerability, which lets hackers create or modify binary files and so write data onto users’ computers. McAfee quickly released a patch for this vulnerability.
Not only that, but even Trend Micro’s PC-Cillin Internet Security antivirus software is not exempt. VeriSign iDefense discovered a flaw in Trend Micro’s security product that allows hackers to escalate user privileges or disable security capabilities. The flaw affects versions 12.00 and 12.44. Hackers can exploit it to overwrite binaries that run at the system level, allowing them to take control of users’ computer systems.
Thus, the issues faced by McAfee, Symantec, Trend Micro, and other security firms indicate that these products are not written to a higher standard than other software, according to Fred Cohen, an analyst at Burton Group. And since hackers can no longer easily slip their own code into software distributed over the internet, exploiting flaws in the security code itself remains a live threat.
This raises the question of how much trust we place in these security software providers and the update models they implement. Updating is necessarily a reactive security measure, but it also rests on users trusting the software provider when they install its software on their computers. Cohen poses a question: “What happens if someone within these security companies installs a Trojan on their own systems?”
Meanwhile, these flaws will force antivirus experts to prove that their software is the best, and Microsoft is poised to step into this market. Gartner vice president and fellow John Pescatore stated: “Many antivirus software companies say, ‘Yes, right, who would buy antivirus software from Microsoft when they themselves cannot secure their own products?’” But what if Microsoft’s products are cheaper than those of other developers, especially when those developers cannot demonstrate that their products are of higher quality than Microsoft’s? Failure is a very real possibility.
Recent events may stoke the flames of change in trust levels regarding the installation and update models of antivirus software. A long-term solution to the disaster for antivirus software must involve a trust initiative model where digital keys, certificates, and passwords are stored on processors in computers, servers, and hardware. “This will have significant implications for the antivirus market and malware in the next 5 to 7 years,” Cohen noted.
Why is such a long time frame necessary? Because the 15 million computers offered by PC vendors are not enough to make an impact. “You need at least 100 million trusted computers,” Cohen explained. That will not happen until the next PC replacement cycle, which typically takes 3 to 5 years.