Infosecurity.US

News, overnight, of several significant discoveries pointing to inherent critical flaws (more code cruft, poor design, logic errors, and bloatware) in security software vendors (Symantec Coporation (NasdaqGS: SYMC),  Kapersky Lab, FRISK Software International (F-Prot), Norman Data Defense Systems and IKARUS Security Software) products. A short snippet from HeiseSecurity Online, including links detailing these and other issues, appears after the jump.

From the original post at HeiseSecurity: Security problems in multiple anti-virus products

Symantec has reported a security problem in several of its anti-virus products for business and private users. As a result of a bug, the software can be fooled into overlooking malware when searching through specially crafted archives. The manipulation to create such archives formats them incorrectly, but even so, some applications and unpackers are still able to extract files from them.

This lack of detection is a particular problem at security gateways on network boundaries, with the result that for instance, for businesses, the opportunity of detecting a possible infection threat is reduced to that last line of defence, the anti-virus software on the end user’s desktop. This particularly reduces the effectiveness of multi-tier approaches that use different anti-virus products.

• Microsoft to unveil free anti-virus software (canada.com)
• Conficker gets upgraded with defenses (theregister.co.uk)
• Online attackers feed off of Norton forum purge (theregister.co.uk)
• Ask.com teams up with Symantec (vnunet.com)
• Antivirus software Uninstaller AppRemover (ghacks.net)
• F-Secure Internet Security 2009 Review (bargaineering.com)
• The Conficker Worm: What Happens Next? (cbsnews.com)
• The Conficker Worm: What Happens Next? (cbsnews.com)
• Antivirus Solutions : They All Suck Sometimes (lockergnome.com)
• Anti-virus Software Update (buddypress.southamboyteacher.com)