Slashdot Mirror

← Back to Stories (view on slashdot.org)

Archive Formats Kill Antivirus Products

Posted by kdawson on from the fuzz-in-the-zip dept.

nemiloc sends us to the F-Secure blog for breaking news about widespread vulnerabilities in programs that process archive files: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors... including us." Here is test material from OUSPG and a joint advisory from Finnish and English security organizations. It isn't news that security products can have have security vulnerabilities. What makes this advisory important is that antivirus software is a perfect target. It is run in critical places with high privileges and auto-updates to keep versions coherent.

1 of 115 comments (clear)

  1. Re:There's breakage and there's breakage by mea37 · · Score: 5, Interesting

    Really smart AV software wouldn't make assumptions about the contents of the file (eliminating #3), would always check for exceptions (eliminating #2), and would treat a processing exception pretty much like a virus (neutralizing #1).

    Very little software in practice is that smart. But with AV, you know you're at war with the file you're scanning. Any AV vendor caught by this should be embarrased.