8th November 2012, 06:17 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,578
Google slams Sophos security

Google security engineer Tavis Ormandy claims that Sophos anti-virus has a number of serious security flaws and should be kept away from important computer systems. Ormandy claims that Sophos needs to avoid easy mistakes and issue patches faster.

In a 30-page analysis with the catchy title "Sophail: Applied attacks against Sophos Antivirus", he listed several flaws "caused by poor development practices and coding standards". Sophos made matters worse by not responding quickly enough to the warning that he had working exploits for those flaws.

For example, Sophos' on-access scanner could be used to launch a worm by targeting a company receiving an attack email via Outlook, he claimed. He tested all this on a Mac, but believes that the "wormable, pre-authentication, zero-interaction, remote root" affected all platforms running Sophos.

Ormandy's conclusion was that installing Sophos Antivirus exposes machines to considerable risk. If Sophos does not urgently improve its security, its continued deployment causes significant risk to global networks and infrastructure. He said that he gave Sophos two months to fix the flaws before he published.

Needless to say, Sophos was a little miffed. Writing in its blog, it said that the bulk of vulnerabilities had been fixed and that the company had not seen the fixed flaws being exploited in the wild. It plans on releasing further fixes on November 28.

But it appears that Ormandy and Sophos disagree about how long it should take to fix problems. Sophos estimated it would take six months to produce a patch that involved fixing a "single line of code"; after Ormandy had a few words, it agreed to two months.

Ormandy said that Sophos was "working with good intentions" but "ill-equipped to handle the output of one co-operative security researcher working in his spare time".

http://news.techeye.net/security/goo...ophos-security