Recently, I’ve noticed that anti-virus, anti-spyware and firewall software has been in the headlines more for its flaws than its benefits. Today you can have protective software all over your PC and get compromised anyway. Worse, your security software may itself provide the hole that is used to compromise you, or contain a bug that allows malicious software to turn off your protection.

Some recent examples of flaws in security software: iDefense has released an advisory about a McAfee flaw that could be used in conjunction with a web browser flaw (for example) to replace McAfee’s files with malicious versions and potentially fully compromise a machine. Prior to that, other examples abound. Symantec had an ActiveX flaw in their online scanner that could allow malicious hackers to use their ActiveX control to install malicious code. Around the same time (mid 2003) Trend Micro had a similar ActiveX problem with their own online scanner.

These are by no means the only flaws found, and nearly all the top security companies have had such problems. Google reveals much if you just ask it nicely. See here for Trend Micro, here for Symantec and here for McAfee.

The question this should have users asking is “If we can’t trust the people putting the locks on our doors to do a good job, who can we trust?”