A spate of bugs have popped up recently in quite a few of the major anti-virus brands, some are old bugs which have just been made public and some are apparently new bugs – just discovered. Nothing too serious it seems (no remote takeover vulnerabilities) mostly just crashes and annoyances.

Included are Symantec’s Norton Anti-virus, Kaspersky Anti-Virus 6.0, F-Prot, IBM Proventia and Clam Antivirus.

Once an occasional inconvenience, serious security bugs and vulnerabilities in anti-virus and security suite products are growing into hardy perennials. Once, running Windows anti-virus was like driving down a dual carriageway. These days, it’s more like an unpaved road.

Last week alone bought a confirmed snag with anti-virus products from Kaspersky Lab and a reported oddity with an update Norton anti-virus from Symantec. Elsewhere an allegedly long running flaw in anti-virus scanner from F-Prot was published for the first time. The Kaspersky bug had the potential to result in serious annoyance. The other bugs are less serious and individually don’t amount to much, but collectively, they’re enough to make you reach for an Ubuntu installation CD or start looking on eBay for a Mac.

First up, let’s consider a misfiring definition update for Kaspersky Anti-Virus 6.0 for Windows Workstations, which sent users into pop-up hell. It was issued on 31 March, and it wasn’t resolved until 2 April.

The worst one in my opinion is the Kaspersky problem, because it’s their own fault? How can a company with so many users, pushing out automatic updates have such poor quality control?

Pushing out an update that messes up a users machine and not fixing it for 3 days is enough to stop using a product for me.

Elsewhere reports on Norton’s support forums on Saturday (4 April) suggest a Symantec update killed right click menu on PCs running Windows Vista. We brought the thread to Symantec’s attention earlier this afternoon and wait the security giant response to the odd, not to say bizarre, reported glitch with interest.

Moving on past glitches there’s also straightforward security vulnerabilities to consider. A flaw in F-Prot involving the scanning of Zip files allegedly creates a possible method to circumvent anti-virus protection. Security researcher Thierry Zoller, who discovered the vulnerability, went public with the flaw on 2 April after F-Prot failed to act for a reported four years.

Zoller also published two other advisories last week, each covering problems with enterprise products and scanning archived files. Malicious RAR archives might make their way past IBM Proventia email security appliances, according to Zoller. He published a limited details advisory after not hearing from IBM for a month. IBM is reportedly investigating the issue.

Clam AntiVirus, the open source anti-virus toolkit for UNIX, which is used to scan email on mail gateways for Windows viruses, also had a problem with RAR files. That problem was plugged late last month but only publicised by Zoller with an advisory last week.

Even the popular Linux/UNIX solution Clam Antivirus didn’t escape testing throwing up a bug when scanning RAR files. I’m surprised AV still has such problems with RAR/Zip and compressed files.

We worked out long ago if you made a batch script to make an almost infinite loop of zip files (zip within zip within zip etc) you could bomb out the CPU totally on most AV e-mail gateways.

I hope 10 years later they aren’t still having the same problems.

Source: The Register

The latest big news is that on February 6th the Kaspersky Customer Records database was hacked through a simple SQL injection flaw on the website. The hacker claimed it was possible to expose all customer data including users, activation codes, lists of bugs, admins, shot and so on. The anonymous hacker hasn’t actually posted any of the data, but has listed the database tables exposed here.

Later Kaspersky has stated that no data was actually exposed, apparently there was a flaw to do with data validation and perhaps only the database table names were exposed – not the data within.

So far though it’s all speculation unless the hacker releases the actual data and Kaspersky comfirms it there’s no way we can know what has actually transpired.

Anti-virus vendor Kaspersky Lab denies any data was stolen during a SQL injection attack launched Feb. 6. Well-known database security expert David Litchfield of NGSSoftware is doing a third-party review for Kaspersky.

Officials at anti-virus vendor Kaspersky Lab are adamant that no data was stolen during a hack of its U.S. support site over the weekend.

According to Kaspersky Lab, on Feb. 6, a hacker exploited a flaw on the Web site to launch a SQL injection attack. After Kaspersky officials received word of the breach Feb. 7, they took down the vulnerable site and replaced it.

The security company maintained in a press conference Feb. 9 that no data had been leaked. However, the anonymous hacker behind the attack publicized table names purportedly taken from a Kaspersky database the hacker accessed.

Kaspersky has already commissioned a 3rd party audit from well-known specialist in Database Security, David Litchfield the principal consultant with NGS Software.

I wonder if Mr. Litchfield will publish his findings publicly or they will be vetted through Kaspersky first, I’d imagine the latter – which again means we might never know the true extent of the vulnerability.

According to the company, the problem was due to the site not properly validating user input. Roel Schouwenberg, senior anti-virus researcher at Kaspersky, confirmed that the names of the tables are accurate. However, having the names of the tables does not mean the hacker actually accessed them, he noted.

Schouwenberg added that no credit card data was stored on the server targeted by the hacker, though there were product activation codes and 2,500 e-mail addresses for people who signed up for a product trial.

“This shouldn’t have happened,” Schouwenberg said, adding he was worried about the impact the hack would have on Kaspersky’s reputation.

The vulnerable code the hacker took advantage of to launch the attack was developed externally and did not go through Kaspersky’s normal code review process, Schouwenberg said.

It shouldn’t have happened? What insight these people have!

They are blaming the vulnerability on code developed externally, and it seems that from the story it’s limited data to do with some kind of software trial. It’s not the full customer records database.

Still I think we need to wait a little longer to get a clearer picture of what is going on, either way it looks like this might be an interesting story for us to follow.

Source: eWeek

It’s gone round and round and round, now cars have Bluetooth, that they can get viruses like Cabir, I’m sorry but if an Anti-virus company like F-Secure can’t infect a car with a virus, I don’t have much hope for the others. The rumours came from a Lexus story in SCMagazine (The story is no longer there, and I don’t have a mirror sadly).

So we got a Toyota Prius to test out the myth. Credit has to be given to Toyota for trusting their systems enough to actually lend the car for us for such testing. According to Toyota, this Prius model had identical in-car Bluetooth systems with the Lexus models, so it was suitable for our tests. This Bluetooth functionality is intended to, for example, transfer the phone book from the car owners mobile phone to the built-in phone of the car.

Source: F-Secure

And to be honest, those that benefit from this viral FUD is the anti-virus companies right? So when an anti-virus company comes out and says that it’s not possible, you know it’s not even a vague threat, as if it was, they would come out with some new super car anti-virus protection version 2006.

After fixing the battery problem, we continued tests and Toyota Prius performed admirably. We managed to find one minor issue with the system (a corrupted phone name would freeze the on-board display), but otherwise the Prius Bluetooth system was far more stable than our test phones and PCs. We had to reboot our test systems several times as their Bluetooth systems died on us, while Toyota Prius just kept going.

Seems pretty solid right?

Reuters decided to reinstate the FUD for some reason, pay-off from an AV firm maybe?

Here’s a new excuse for not getting to work on time on a Monday morning: My car caught a virus.

Car industry officials and analysts say hackers’ growing interest in writing viruses for wireless devices puts auto computer systems at risk of infection.

Source: MSN

Not that an anti-virus firm would have anything to gain from spreading such rumours right?

As carmakers turn to computer security, a lucrative market could open for antivirus firms, which have been touting cell phone security for years without notable success. “People will not use the protection before there are several big epidemics. After that they will understand that it is dangerous to use phones to get online, that you need to be protected,” Kaspersky said.

Next up, Kaspersky Car Edition?