Approximately 800 vulnerabilities discovered in antivirus products

In what appears to be either a common scenario of “when the security solution ends up the security problem itself”, or a product launch basing its strategy on outlining the increasing number of critical vulnerabilities found in competing antivirus products, the IT/Security consulting firm n.runs AG claims to have discovered approximately 800 vulnerabilities within antivirus products based on exploiting a standard malware scanning process known as “parsing”.

http://blogs.zdnet.com/security/?p=1445&tag=nl.e540

http://forum.avast.com/index.php?topic=19387.795
You didn’t double post now, marc57 my friend - was it too much Kiss music in the background to cause you to do this ;D

I looked, but didn’t see it for some reason. Anyway, I think this needs a topic all its own. (And maybe the Alwil team can chime in on this).

(And maybe the Alwil team can chime in on this).
They didn't on the original post. :( Maybe you'll get lucky.... :)

Well, I would approach this statement … with certain doubts.

First, it’s not clear what they really found (and I don’t mean the exact exploits, but the types of vulnerabilities, for example).
Second, it’s not clear how they count it (I mean, if the same vulnerability appears in multiple products, is it counted once or multiple times?) The number 800 seems to be a sum through the whole history of n.runs?
Third, I’ve seen “vulnerability” reports from n.runs that I found really hard to call “vulnerabilities”.
Fourth, as far as I know, we haven’t received any vulnerability report from n.runs for quite some time - except for one report about 2 days ago, which announced some crashes in the Mac version of avast!.
It’s being investigated (of course the program shouldn’t crash) - but it has nothing to do with the scanner itself (it’s some GUI code), occurs on a very specific platform/OS only, and right now it’s not clear if the problem is in avast! or Leopard itself.

Now I’m not saying that n.runs didn’t/doesn’t find quite a few vulnerabilities, I just would be careful about the claims.
“The tests … have indicated that every virus scanner currently on the market immediately revealed up to several highly critical vulnerabilities.” ???
That’s quite an exaggeration, I’d say ;)

Thanks for the reply igor. (Marc, you got lucky :))

I sure did, bob. Thanks for the reply, igor.