Anti-Virus Scanner Bugs Pile Up - InformationWeek


02:19 PM

Anti-Virus Scanner Bugs Pile Up

Vulnerabilities affect older versions of software, so users with up-to-date products are not at risk.

A critical vulnerability was disclosed Thursday in the anti-virus engine shared by all McAfee's virus scanners, including those used in its consumer VirusScan and its server-based GroupShield lines.

The flaw was discovered by Internet Security Systems, an Atlanta-based intrusion detection and prevention provider, and marks the fourth time since early last month that ISS has flagged anti-virus scanner bugs. Previously, it named vulnerabilities in Symantec's, F-Secure's, and Trend Micro's product lines. Another security firm, eEye Digital Security, added its voice to the chorus early this month when it publicized bugs within Computer Associates' licensing software that's used in its security software.

But users who have been methodical about keeping their anti-virus products up-to-date are not at risk, a McAfee executive assured users Friday.

"The liability for users is quite low," said Steve Crutchfield, the director of product marketing for McAfee's anti-virus line. "It involves old technology, the VirusScan Scan Engine 4320, which we replaced in November 2004."

Customers who haven't upgraded from the earlier scanning engine should still be safe, said Crutchfield, if they updated their anti-virus signature file on or after March 1, 2005.

"If they're not up to date, they could be vulnerable," added Crutchfield, pointing out that current users who have let their update subscription lapse would be among that number.

According to ISS, hackers could cause a buffer overflow on a targeted PC, server, or gateway using the older scanning engine by crafting a malicious compressed file in LHA format. Once the buffer overflow had been created, the attackers could gain access to the system.
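As an added illustration (not code from McAfee, ISS, or the original article), the C sketch below shows the kind of length validation an archive parser needs when reading a level-0 LHA header, where the header size and file-name length are single bytes supplied by whoever built the archive. The article does not say which field the flaw involved; the function names, the 64-byte name buffer, and the sample headers are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LHA_FIXED 22     /* offset of the file name in a level-0 header */
#define NAME_OUT  64     /* size of the destination name buffer (assumed) */

enum { LHA_OK = 0, LHA_TRUNCATED = -1, LHA_BAD_LENGTH = -2,
       LHA_BAD_SUM = -3, LHA_NAME_TOO_LONG = -4 };

/* Copy the member name out of a level-0 LHA header. Every length byte is
 * attacker-controlled, so each is checked against the input size and the
 * destination size before any copy happens. */
int lha_read_name(const uint8_t *buf, size_t len, char out[NAME_OUT])
{
    if (len < LHA_FIXED) return LHA_TRUNCATED;
    size_t hdr_size = buf[0];            /* header bytes counted from offset 2 */
    size_t name_len = buf[21];
    if (hdr_size + 2 > len) return LHA_TRUNCATED;
    if (20 + name_len + 2 > hdr_size) return LHA_BAD_LENGTH; /* name + CRC16 must fit */
    if (name_len >= NAME_OUT) return LHA_NAME_TOO_LONG;
    uint8_t sum = 0;                     /* byte-sum checksum stored at offset 1 */
    for (size_t i = 0; i < hdr_size; i++) sum = (uint8_t)(sum + buf[2 + i]);
    if (sum != buf[1]) return LHA_BAD_SUM;
    memcpy(out, buf + LHA_FIXED, name_len);
    out[name_len] = '\0';
    return LHA_OK;
}

char g_name[NAME_OUT];                   /* last name parsed by try_header() */

/* Build a constructed header (not from a real archive) whose name-length
 * byte is `claimed`, then parse it. Returns the parser's status code. */
int try_header(const char *name, uint8_t claimed)
{
    uint8_t buf[2 + 255] = {0};
    size_t n = strlen(name);             /* demo names are <= 200 bytes */
    buf[0] = (uint8_t)(20 + n + 2);      /* fixed fields + name + CRC16 */
    memcpy(buf + 2, "-lh0-", 5);         /* method id: stored, no compression */
    buf[21] = claimed;
    memcpy(buf + LHA_FIXED, name, n);
    for (size_t i = 0; i < buf[0]; i++) buf[1] = (uint8_t)(buf[1] + buf[2 + i]);
    g_name[0] = '\0';
    return lha_read_name(buf, 2u + buf[0], g_name);
}
```

A header whose name-length byte disagrees with its declared size, or whose name would not fit the destination, is rejected before `memcpy` runs.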

"McAfee AntiVirus Library is likely vulnerable through common protocols, e.g. SMTP, HTTP, FTP, SMB," wrote ISS in its online alert. "No authentication is required for an attacker to leverage this vulnerability to compromise an antivirus protected network or machine. It is likely McAfee AntiVirus Library implementations are vulnerable in their default configurations."

While ISS doesn't mark its advisories with level labels, Danish security firm Secunia called the McAfee vulnerability "Highly Critical," its second-most-dire warning.

The vulnerability is similar to those discovered by ISS's researcher, Alex Wheeler, in rival products, which had flaws -- since patched -- in how they handled compressed file formats such as ARJ (Trend Micro and F-Secure) and UPX (Symantec).

Like other vendors recently named by ISS, McAfee said it welcomed investigation of its products' security. "At the end of the day, we all want to keep our customers happy," said Crutchfield. "We like to work with the research community to make sure that our products are as risk-free as possible.

"No hard feelings," he added.

McAfee has posted a security bulletin on its Web site with more detailed information for customers about the vulnerability and how to correct the problem if they've not recently updated their software.

Another document on the site explains how McAfee anti-virus users can tell if their software is up to date.
