
Security Products Must Be Secure

From: The Essentials Series: IT Compliance - Volume II

By: Rebecca Herold

Software Vulnerabilities in the Security Products Industry

Every week, it seems, there are headlines about security products containing vulnerabilities that put the organizations using them at risk. Consider the following examples from the March 15, 2007 issue of Virus Bulletin (available at http://www.virusbtn.com/news/virus_news/2007/03_15.xml):

  • “Several vulnerabilities have been found in McAfee’s ePolicy Orchestrator management tool, which could be exploited to gain remote access to systems running the software. Patches have been made available and users are advised to ensure they are applied as soon as possible. Several versions of EPO 3, as well as ProtectionPilot, are thought to be affected.”
  • “Trend Micro, already hit by a string of vulnerabilities in recent weeks, has suffered another problem in its antivirus engine, which could cause a full system crash on exposure to a carefully crafted malicious file. The problem, caused by a divide-by-zero error in processing UPX compressed files, affects version 8 of the Trend engine, and while some systems may only lose service from the malware scanner, Windows users could suffer a ‘Blue Screen of Death’ (BSOD) crash of the whole operating system.”

Such vulnerabilities are not limited to antivirus software. Because of the complexity of networks and the rapidly increasing variety of deployed technologies, no useful computer system can be completely secure. Likewise, no computer system security product can ever be guaranteed to be 100% secure. However, business leaders must still perform due diligence when choosing a security product to ensure that the vendor has done everything possible to remove all known vulnerabilities, and that the vendor will continue to diligently update its product so that all newly discovered security flaws are quickly and effectively removed.

This article includes Rebecca Herold's 25 questions to ask a security product vendor when evaluating security solutions.

 
