For all that it offers, the Internet is a dangerous place filled with virtual landmines. Inadvertently step on one and it can ruin your day, if not your Windows install. It's imperative to practice safe computing habits, and as a second line of defense we always recommend an antivirus solution, whether it's a collection of free programs cobbled together or a dedicated Internet security suite. But are they really effective?
Well, yes, which is why we throw several AV solutions in a cage every year to do battle in our annual AV roundup. But nothing is foolproof, as evidenced by what went down at the Black Hat conference. According to PC World, Google researcher Tavis Ormandy reverse engineered Sophos' antivirus program and found a couple of weak points.
One of his biggest discoveries is that an encryption key is stored alongside the data it is meant to protect. According to Ormandy, anyone who can read that data therefore already has what they need to decrypt it, so the scheme presents little challenge to attackers. Ormandy also found that Sophos' buffer overflow protection provides no benefit on Windows Vista and later (including Windows 7). Finally, Ormandy claims that the detection signatures Sophos uses are easy for third parties to generate, which could leave users open to a flood of false positives.
Ormandy believes similar weaknesses could exist in other security vendors' products as well. As for Sophos, PC World says a spokesperson told them the company is treating Ormandy's findings as a security audit. At the same time, Sophos posted a blog entry downplaying his findings.
"Tavis has questioned an encryption algorithm we use in a few cases. This algorithm is being phased out," Sophos explains. "However, it should be clear that this algorithm is not used to secure data that could compromise users' computers or the customer network. Furthermore, it's important to understand that this algorithm is not used in our encryption products, which meet globally accepted encryption standards (Common Criteria, FIPS)."
Sophos explained away Ormandy's other findings, and said it "can assure customers that their protection is not compromised."