So a recent Google blog post talked about some really bad things they found in Kaspersky Antivirus. Apparently having that software on your machine actually makes you vulnerable to drive by exploits - that is, your system can be p0wned just be visiting a website or getting an email - and not even reading it!
What's truly amazing about this is that some of the attack vectors are simple buffer overflow attacks. There's nothing new about buffer overflows; they are caused by sloppy code and the software industry has a long, tragic history of repeating that particular sloppiness again and again. It's beyond astonishing that a respected A/V vendor like Kaspersky would repeat these mistakes in their own code!
Not that other A/V vendors are any better: Google has also found problems with Sophos and ESET.
Ars Technica says that you and I don't need to worry much as this type of exploit is more likely to be launched against a bank or high value company. I'm not sure that makes me any happier.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2015-09-25 Anthony Lawrence
Computers have been taught to distrust each other and will reject attempted connections most of the time. Nowadays, most computers and firewalls are utterly rude about it: it would be like asking someone to dance and having them ignore you as though you were invisible and inaudible. (Tony Lawrence)