Google Expert Reveals Loopholes within Sophos Security Software

In criticizing the security industry, a renowned Google researcher says that the anti-virus sector is confusing its own efficacy via the use of branding and buzzwords as well as highlighting Sophos for supplying flaw-induced software, which malware writers could conveniently exploit. SlashGear reported this on August 5, 2011.

Presenting his discoveries on August 4, 2011 at the Las Vegas held Black Hat Security Conference, Tavis Ormandy, the researcher, in addition to putting down Sophos, slated the overall anti-malware industry.

According to him, there are shortfalls within the signature system of Sophos as also the company's utilization of cryptography, which's capable of crushing the anti-virus application's reliability, letting authors of malicious software to elude the scanning process alternatively establish false-positives.

Furthermore as per the expert, such an anti-virus can only intercept the most general payloads, which aren't modified, therefore it's incredibly frail. SlashGear published this.

Other probable shortcomings, which malware authors can exploit relate to the security application's way of reacting when there are false-positives as also so frustrating users that they would virtually disable the application. Indeed, Ormandy managed to create bogus Sophos signatures utilized for detecting malware as also generate numerous groundless alerts from them.

According to him, the verification signatures Sophos uses are frail, as he delineates factors, which recognize the malicious programs its security software spots. Actually for validating those signatures, Sophos relies on a proprietary system, while the one Ormandy discovered was possible to crack for faking the security firm's signatures. The expert illustrates an attack he calls "pool pollution" wherein false positives are generated onto the target computer till at last the end-user becomes tired of encountering warning notices and deactivates his security application.

He says Sophos overlooked this, consequently its signature system turned out pretty frail.

Meanwhile, the criticisms Ormandy made at the conference received confirmation from a Sophos' representative Vanja Svajcer who informed that initiatives for fixing them were going on.

Nevertheless, Svajcer emphasized that there wasn't any evidence of the flaws getting exploited as also indicated that most malware writers would possibly get excessively involved in particularly customizing malicious programs for attacking Sophos' software.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 8/16/2011