Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, August 9, 2011

Sophos AV Critically Flawed?

The big news out of Black Hat last week in Las Vegas was a session that described Sophos AV as being critically flawed.

A Google security engineer, Tavis Ormandy, released his findings in a paper following his presentation at Black Hat. Ormandy said his analysis found that Sophos software uses weak or outdated cryptography in the way it builds and matches virus signatures, relies on obfuscation for security too often, and fails to comprehend certain exploitation techniques, among other problems.

From Ormandy:

“My intent for this project was to provide the missing technical specifications for Sophos Antivirus in order to help those evaluating antivirus do so thoroughly,” Ormandy said. “They’ll be able to make informed decisions about whether this product makes sense in the context in which they want to deploy it.”


Sophos has promised fixes in an upcoming release. On the question of whether these problems exist in other vendors' AV products, the suggestion was that it's likely, as most of these programs are not that fundamentally different.

It's a troubling concern, and hopefully one that all AV vendors will address now that there's some light on the issue.
