Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form

Reducing the security software attack surface

Posted on January 15, 2016January 24, 2016 By Davey Winder

In light of myriad recent flaws across a whole raft of products, just how secure are endpoint security solutions anyway?

Trend Micro is the latest in an increasingly long list of security vendors found wanting when it comes to securing their own products. The Trend Micro ‘Password Manager’ vulnerabilities which would enable hackers to execute malicious code and the contents of the password vault, were uncovered by Google Project Zero researcher Tavis Ormandy. Trend Micro moved quickly to fix the vulnerability, working with Ormandy to identify the flaw and then creating a patch. ActiveUpdates in the product can’t be turned off which means that when the update was rolled out, it was quickly uploaded to all customers. By their very nature, antivirus and security solutions have a large attack surface; they offer lots of layers of protection and are comprised of myriad component structures. It goes without saying that there is a lot of code, often running with high privilege, that has the potential to be flawed.

Click here to read complete article

Analysis Tags:Analysis, News, Programming, Software

Post navigation

Previous Post: Steganography: the art of concealment
Next Post: LostPass attack reveals LastPass 2FA phishing weakness

Related Articles

Microsoft Outlook Warning: Critical New Email Exploit Triggers Automatically—Update Now Analysis
Is Bitwarden Doing Enough To Prevent Password Theft? New Research Reveals Attack Vector Analysis
Twitter Just Weakened Account Security For Almost 368 Million Users Analysis
Is ChatGPT a security threat? I asked, the AI bot replied. Analysis
Wordcloud with Cyber Security at centre No, PayPal Hasn’t Been Hacked: Yet Almost 35,000 Accounts Were Breached Analysis
You Need To Fix Google Chrome’s Mojo, Here’s How & Why Analysis

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government hack Hackers Hacking healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Threatscape Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2023 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy