Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Virus and Vulnerability Roundup
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Security product flaws attract attackers

This week's Witty worm marks the latest case in point

March 26, 2004 12:00 PM ET

Computerworld - The software vulnerability exploited by this week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems.
"This is a new realm of risk that users must confront: the security of security [products],"said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in Beaverton, Ore.
The Witty worm, which was reported to have damaged 15,000 to 20,000 computers worldwide, took advantage of a flaw involving the BlackIce and RealSecure intrusion-prevention products from Atlanta-based Internet Security Systems Inc. (ISS) (see story). The worm wrote random data onto the hard disks of vulnerable systems, causing the drives to fail and making it impossible for users to start up the systems.
The flaw was the result of a buffer-overflow condition in a function used to detect peer-to-peer traffic, said Chris Rouland, director of the X-Force security team at ISS.
The company worked to "very quickly mitigate the risk" after being informed of the problem by eEye Digital Security Inc., Rouland added. But Witty was released "almost immediately" after the fix became available and before many users had time to respond, he said.
Rouland noted that the number of major flaws that have been discovered in ISS products over the past five years has been limited to two. That's well below the industry average, he stressed, because ISS follows strong quality and code-audit processes.
Just a few weeks earlier, a vulnerability caused by an unchecked buffer was discovered in a firewall from Zone Labs Inc. in San Francisco. Fred Felman, vice president of marketing at Zone Labs, said his company also responded quickly, so no exploits were reported. Zone Labs follows "stringent" processes for product quality, Felman added.
In February, vulnerabilities were discovered in a firewall from Check Point Software Technologies Ltd. that could have allowed attackers to modify firewall rules (see story).
Similarly, a critical vulnerability was discovered in an Internet security product from Symantec Corp. that would have let attackers gain remote access to a compromised system. Overall, security vendors average about four critical vulnerabilities each year, according to statistics from ISS.
The trend isn't a particularly comforting one, Plato said. "Users should be very worried about this. The mad dash to be 'first to market' on every feature often creates sloppy engineering," he said.
Security software is becoming an attractive target for attackers, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc. "If you are a hacker and you want to



Jump to comments

Viruses

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.