Security software is about to turn into the main target of hackers

F-Secure has just released a patch of vulnerabilities that allow multi-code execution in its software package. This once again worries people that security applications become an advantage of hackers.

This Finnish antivirus tool maker rated the update as "very important" because the vulnerability supported the bad guys through censorship to reach and control the system. This event appeared only weeks after rival US company Symantec publicly acknowledged a "serious" buffer overflow in their AntiVirus Library potentially exploiting malicious code.

Thierry Zoller, an independent researcher in Luxembourg, looked at F-Secure's problem and found that many security companies are also releasing products with similar errors. " F-Secure is the first unit to publish bugs ," Zoller said. " Meanwhile, others have silently updated or warned of minor changes to hide the fact that virus-killing mechanisms are in trouble ." Zoller refused to reveal the names of these companies.

Over the past 12 months, a number of big names in the security industry have released many patch updates. Observers said that the day hackers exploit antivirus products to attack the system is very close.

" It is surprising that we have never seen such a case ," said Johannes Ullrich, Technical Director at SANS Security Center (USA). " Security software is the first program to deal with malicious code and exists on nearly every desktop, so if there is a problem, they are truly a perfect target ."

In the list of 20 vulnerabilities in 2005, SANS mentioned an increase in the number of errors in client applications, including antivirus software and backup. Alex Wheeler, an independent researcher, also lists errors that can help hackers overflow the remote buffer in Symantec, Panda, Kaspersky Lab and Sophos programs.

" One day soon, someone will perform a large-scale exploit, causing a serious buffer overflow and being as devastating as any automatic worm attack ," said Marc Maiffret, Director The division exploits the error of eEye (USA), said. " You should not think in the direction that security software is difficult to exploit, because this depends on whether anyone wants to do it or not. "