Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Security on Windows Vista? What a Joke!

Sophos Antivirus vulnerable to attacks

By Bogdan Popa, Security and Search Engines Editor

7th of September 2007, 20:36 GMT

Adjust text size:


Sophos Antivirus
Enlarge picture
Sophos Antivirus is one of the top security solutions which are also compatible with the latest version of Windows, Vista. Because I'm sure that many of the Vista fans out there are
looking for a security tool for their computers, I feel sorry to inform you that Sophos Antivirus contains a security flaw that might allow the attackers to infect your computer. It sounds like an antivirus product which, instead of protecting your computer, it actually infects it. Well, that's a problem. The parent company Sophos confirmed the problem and said the security hole can be easily exploited using malicious CAB, LZH or RAR files.

"Handcrafted CAB, LZH or RAR files with modified headers were not being processed appropriately by the virus engine, so that malware hidden within these archive files was not being detected by the virus engine," Sophos mentioned in a security notification published today.

The entire exploitation of the flaw is quite simple. The attacker sends a dangerous file to the vulnerable user and, because the antivirus is not able to detect the malware, he manages to make the consumer's computer open to attacks. "The maximum impact that this evasion vulnerability could permit is that malware could be activated on a computer that does not have an on-access scanner. The likely impact of this evasion vulnerability is that an on-access scanner will detect the malware as soon as the archive file is opened/unpacked," Sophos added.

According to the security company, the affected versions of the applications are the one rolled out before the 2.49.0 release. In order to avoid a successful exploitation of the security flaw, you're encouraged to update your software to the latest version as well as updating the virus engine to the most recent definitions. As usual, the updates will be distributed through the auto-update feature.

TAGS:

 sophos | vulnerability | security | flaw


Rating:
Fair (2.6/5) 5 vote(s) so far    

Read by 869 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Free Porn Sent Through E-mails

Sophos Not Optimistic about Windows Vista's Security

The Best Antivirus for Windows Vista and Windows XP SP2

The Simpsons - Dangerous Internet Spammers

Sophos Applauds the Performance of Its Anti-Virus on 64-bit Windows Vista

Another Antivirus Bites The Dust

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive