As the pool of easily exploitable Windows security bugs dries up, hackers are looking for holes in security software to break into PCs, analysts said.
Makers of antivirus products have not yet been forced to acknowledge and fix potential problems in their code, analysts with Yankee Group wrote in a research paper published on Monday. As a result, antivirus software is like low-hanging fruit to hackers, according to the analysts.
Microsoft's Windows operating system has been a favourite target of hackers, but new security flaws are being discovered in security products at a faster rate than in Microsoft's products, the analysts wrote. In the 15-month period ending 31 March, 77 separate vulnerabilities have been reported by security vendors, they wrote.
Symantec, F-Secure and CheckPoint are among the vendors that have seen a rise in the number of security issues that affect their products in the past years, according to Yankee Group.
If the trend continues, the number of vulnerabilities for security products will be 50 percent higher than 2004 levels, according to the analysts. While Microsoft flaws continue to flow, the rate has decreased notably, according to the analysts. They credit the release last year of Windows XP Service Pack 2, a security-focused update.
Yankee Group predicts a "rising tide" of vulnerabilities will be found in security products. Software makers should look at their security processes, and users need to get ready to patch security products, the analysts wrote. Also, buyers should ask tough security questions when buying new products, they advise.
Talkback
This is a very interesting article and answers a question for me.
Last week I renewed my subscription to Panda Titanium for another year, and what fun I had. I downloaded v.2005 and installed it only to find that every time I tried to log on to AOL the computer crashed. Then up pops WinPatrol asking if I wanted to allow a programme to install, namely '%systemroot%\system32\dumprep 0 -k'. A search on Google revealed that this could quite possibly be a variant of the Sasser worm, or something very similar. I immediately noyified Panda of this but, so far, they have not replied. Result: I cancelled my sub. and installed another antivirus prog. instead.
Did the Yankee group say what tough questions should be asked and if the average consumer would understand the answers?
The Yankee Group is pro-Microsoft to the max. You're well advised to take their findings with a grain of salt.