A Google researcher unveiled a number of vulnerabilities in the Sophos Antivirus software during a presentation at the Black Hat security conference.
Tavis Ormandy said that the antivirus software's encryption was weak and easy to crack. He likewise described the signature mechanism the software uses as weak, with signatures easily generated in order to flood users with false positives.
Sophos said that Ormandy had already discussed the findings with the firm and that they considered his work a 'programming audit' which was already resulting in improvements to the security software.
Ormandy said that he chose Sophos 'at random' as it was a popular package and that similar vulnerabilities may exist in other security software.
The researcher said that one issue with the code quality of antivirus software is that the software is developed in secret without 'peer review'.
He went further, suggesting that complex antivirus software created additional opportunities for malicious software to attack systems.