Security product flaws attract attackers
This week's Witty worm marks the latest case in point
March 26, 2004 12:00 PM ETComputerworld -
The software vulnerability exploited by this week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems.
"This is a new realm of risk that users must confront: the security of security [products],"said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in Beaverton, Ore.
The Witty worm, which was reported to have damaged 15,000 to 20,000 computers worldwide, took advantage of a flaw involving the BlackIce and RealSecure intrusion-prevention products from Atlanta-based Internet Security Systems Inc. (ISS) (see story). The worm wrote random data onto the hard disks of vulnerable systems, causing the drives to fail and making it impossible for users to start up the systems.
The flaw was the result of a buffer-overflow condition in a function used to detect peer-to-peer traffic, said Chris Rouland, director of the X-Force security team at ISS.
The company worked to "very quickly mitigate the risk" after being informed of the problem by eEye Digital Security Inc., Rouland added. But Witty was released "almost immediately" after the fix became available and before many users had time to respond, he said.
Rouland noted that the number of major flaws that have been discovered in ISS products over the past five years has been limited to two. That's well below the industry average, he stressed, because ISS follows strong quality and code-audit processes.
Just a few weeks earlier, a vulnerability caused by an unchecked buffer was discovered in a firewall from Zone Labs Inc. in San Francisco. Fred Felman, vice president of marketing at Zone Labs, said his company also responded quickly, so no exploits were reported. Zone Labs follows "stringent" processes for product quality, Felman added.
In February, vulnerabilities were discovered in a firewall from Check Point Software Technologies Ltd. that could have allowed attackers to modify firewall rules (see story).
Similarly, a critical vulnerability was discovered in an Internet security product from Symantec Corp. that would have let attackers gain remote access to a compromised system. Overall, security vendors average about four critical vulnerabilities each year, according to statistics from ISS.
The trend isn't a particularly comforting one, Plato said. "Users should be very worried about this. The mad dash to be 'first to market' on every feature often creates sloppy engineering," he said.
Security software is becoming an attractive target for attackers, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc. "If you are a hacker and you want to
Viruses
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

