
April 02, 2008

Attacking Anti Virus Software

Wow, it's been a while since I posted. How time flies....

Sowhat from Nevis Labs gave a very well attended presentation at Black Hat Europe last week on "Attacking Anti-Virus Software". He has been running a research project for several months now focussed on how attackers might be targeting the very software that more than 80% of Enterprises rely on to keep them safe. In just those few months he has discovered numerous vulnerabilities in widely used AV products. Nate McFeters at ZDNet gave a pretty concise summary of Sowhat's presentation that I encourage you to read, so I won't recount all the detail myself.

By demonstrating how vulnerable one of the key security tools in the Enterprise toolbag is, Sowhat has shown just how far we in the security industry have to go to put our own house in order. A few years back Microsoft used to come in for daily bashings as yet more vulnerabilities and exploits were unearthed in the Windows OS. At first it looked as if big company arrogance might prevail, and the press lambasted the folks in Redmond for not taking responsibility for creating security holes that you could drive a bus through. But give credit where credit is due. Microsoft stepped up and put a focus on security and cleaning up vulnerabilities that few other software companies have (Apple, for instance, have flown under the radar thus far, but it looks like their day in the limelight is coming). Today, Microsoft have processes and procedures in place that make updates predictable and manageable, they have developed relationships within the security community that improve their visibility into future threats and, most importantly, they have invested some of their billions in making security an integral part of what they do and cleaning up their own act. Pretty impressive for a company whose primary revenues do not come from security. Can we expect the same response from the titans of the security industry like Symantec and McAfee? After all, security is their business. The irony is not lost on me that both these companies ship "NAC" solutions that are client based and are supposed to ensure that your AV is patched and running. Good to know that the fox is out there guarding the chicken coop.

//Dom

 
