Software Report [Bugs and Fixes: Serious Holes in Antivirus Software - 05/11/2005]

Discussion in 'Anti-Virus' started by Ablang, May 13, 2005.

  1. Ablang

    Ablang Guest

    May 11th, 2005

    Bugs and Fixes: Serious Holes in Antivirus Software

    Contrib. Ed. Stuart J. Johnston

    What if the bad guys found ways to infiltrate your computer through
    the very antivirus software that you thought was protecting you?
    Recent discoveries suggest that this scenario isn't so far-fetched.

    If you have the latest antivirus definitions, aren't you protected?
    Not necessarily. Most programs have an automatic update feature that's
    turned on by default, but the tool may update only the definitions,
    not other software modules such as the scanning engine. The good Several antivirus software companies have patched their programs to
    fix this vulnerability.

    McAfee, for example, updated the scanning engine of its VirusScan
    software to block a hole that could let a cracker control your PC
    while the engine appears to be scanning for viruses. The vulnerability
    affects all versions of VirusScan and Internet Security Suite that run
    on all versions of Windows from 98 through XP.

    McAfee says that most users should have received its fix via automatic
    updates. But to be sure, confirm that you have VirusScan engine 4.4.00
    or later. For more on the patch, visit McAfee's virusscan 4320 buffer
    overrun vulnerability page:

    At about the same time, Symantec fixed a similar hole in its Norton
    AntiVirus scanning engine. For further information on the
    vulnerability, go to Symantec's security response page:

    The scanner is included in such Symantec products as Norton AntiVirus
    2004 for Windows, Norton Internet Security 2004 Professional for
    Windows, and Norton System Works 2004 for Windows (the 2003 and 2005
    versions of these products aren't at risk because they lack the code
    that has the vulnerability). You can obtain the updated antivirus
    engine from a Symantec support page:

    But that's not the end of Symantec's woes. Read "Symantec Acknowledges
    Two Holes in Antivirus Products" for the latest problems:

    Finally, Trend Micro and F-Secure have fixed a similar hole in their
    antivirus scanning engine. If you use Trend Micro programs, such as
    PC-cillin Internet Security, you need scanning engine 7.510; for
    details, visit the relevant Trend Micro page:

    If you use an F-Secure product, such as Anti-Virus 2004 or 2005, read
    F-Secure's security bulletin and pick up the most recent version:

    Trend Micro has had a difficult few months; read "Trend Micro Will Pay
    for PC Repair Costs" for details on another problem:

    Windows Media Player 9 Still Vulnerable

    As I reported in April, Microsoft said it was working on a Windows
    Media Player update to fix a security glitch that PC World's staff had
    found in versions 9 and 10:

    So far, the company has patched WMP 10, which runs on Windows XP only,
    but not version 9. Microsoft says that upgrading to version 10 is one
    fix for the flaw in version 9--but if you don't use XP, you're out of
    luck. The company is working on a patch but says it can't yet give an
    availability date.

    Firefox Fix

    Mozilla patched a hole in its Firefox browser that, if left open,
    could let a rogue take over your PC. To find trouble, you'd need to
    click a link in a booby-trapped site or HTML e-mail. You're vulnerable
    if you have Firefox 1.0.1 or earlier. Head to PC World's downloads
    site and get the latest version:

    Problem With a Microsoft Patch

    Some Windows 98 and Me users who installed Microsoft patch MS05-002
    (details, again, are in my April Bugs and Fixes column) experienced
    crashes or slower performance in the aftermath. There's no patch for
    the patch yet, but Microsoft is studying the problems. For now, the
    workaround is to uninstall the patch--thereby reopening the original

    RealPlayer Update

    RealNetworks fixed RealPlayer to block a hole that let attackers send
    poisoned .smil or .wav files. For details, visit RealNetworks'
    releases update page:


    Found a hardware or software bug? Write to Stuart Johnston:
    bugs at

    Read Stuart J. Johnston's regularly published "Bugs and Fixes"

    "Until last October, Christ had a very limited involvement in my life. I believed in God; I just never had to prove I believed. Belief is an absence of proof."
    -- Boston Red Sox pitcher Curt Schilling
    Ablang, May 13, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.