Antivirus software criticised at Black Hat conference

Google researcher highlights issues with Sophos
Author:
Publish date:
3_blackhat184.jpg

A Google researcher unveiled a number of vulnerabilities in the Sophos Antivirus software during a presentation at the Black Hat security conference.

Tavis Ormandy said that the virus software's encryption was weak and easy to crack and likewise the signature mechanism the software uses was also described as weak and easily generated in order to floor users with false positives.

Sophos said that Ormandy had already discussed the findings with the firm and that they considered his work a 'programming audit' which was already resulting in improvements to the security software.

Ormandy said that he chose Sophos 'at random' as it was a popular package and that simular vulnerabilities may exist in other security software.

The researcher said that one issue with the code quality of antivirus software is that the software is developed in secret without 'peer review'.

went further to suggest that complex antivirus software created additional opportunities for malicious software to attack systems.

Related