Trend Micro, Zone Labs, ClamAV join list of insecure security products

Summary: Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.

Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.

The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege escalation or denial-of-service conditions.

Trend Micro, which specializes in virus protection software, has issued patches for ServerProtect and the PC-cillin suite.

[SEE: Can you really trust your security vendor?]

The ServerProtect update, rated "moderately critical" by Secunia, covers boundary errors and integer overflow errors that could be exploited to launch harmful code on a vulnerable installation. Two separate alerts from iDefense outline the details and potential risks.

iDefense has also discovered a remotely exploitable buffer overflow in Trend Micro Inc.'s SSAPI Engine that could allow attackers to execute arbitrary code with system-level privileges.

The latest black eye for security vendors has also affected Check Point Zone Labs. From an iDefense alert:

Local exploitation of an insecure permission vulnerability in multiple Check Point Zone Labs products allows attackers to escalate privileges or disable protection.

The vulnerability specifically exists in the default file Access Control List (ACL) settings that are applied during installation. When an administrator installs any of the Zone Labs ZoneAlarm tools, the default ACL allows any user to modify the installed files. Some of the programs run as system services. This allows a user to simply replace an installed ZoneAlarm file with their own code that will later be executed with system-level privileges.

Exploitation allows local attackers to escalate privileges to the system level. It is also possible to use this vulnerability to simply disable protection by moving all of the executable files so that they cannot start on a reboot.
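
A defender-side audit for the misconfiguration the alert describes, added here as an example (it is not from iDefense, Check Point or the original article): it lists services that run as LocalSystem whose executable, or the directory holding it, grants write-type rights to Everyone, Authenticated Users or BUILTIN\Users. The function names and the choice of rights mask are assumptions of this example.

```powershell
# Added example: flag LocalSystem services whose executable or install
# directory is writable by broad, non-administrative groups.

# Well-known SIDs, used instead of account names so the check is locale-independent.
$BroadSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights that allow replacing or altering a file, or changing its ACL or owner,
# plus the raw GENERIC_ALL / GENERIC_WRITE bits that Get-Acl can report unmapped.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName may be quoted, carry arguments, or use environment variables.
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^\s*"([^"]+)"')           { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)')    { return $Matches[1] }
    return $null
}

function Test-WeakAcl {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account name could not be resolved to a SID
        if (($BroadSids -contains $sid) -and (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)) {
            [pscustomobject]@{ Path = $Path; Identity = $ace.IdentityReference; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' } |
    ForEach-Object {
        $svc = $_
        $bin = Get-ServiceBinaryPath $svc.PathName
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            # Check the file itself and the directory it is installed in.
            foreach ($target in @($bin, (Split-Path -Path $bin -Parent))) {
                Test-WeakAcl -Path $target |
                    Add-Member -NotePropertyName Service -NotePropertyValue $svc.Name -PassThru
            }
        }
    }
```

Any row returned is a path where a standard user could alter code that a system-level service loads; the fix is to tighten the ACL so that only Administrators and SYSTEM hold write access.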

ClamAV, the open-source anti-virus toolkit recently acquired by Sourcefire, has also struggled with security problems that could lead to sudden denial-of-service crashes. Secunia rates the ClamAV issues as "moderately critical."

  • Why only these three?

    Symantec, McAfee, Microsoft Defender engine, they've all had nasty HEAP exploits. Cisco security products. Snort. Heck, we can pretty much add all of them.
    • The subject seems to say it all

      "Trend Micro, Zone Labs, ClamAV **join** list of insecure security products"

      Nothing in the article mentions what's already on the list.
      Larry the Security Guy
    • agree...

      Maybe I'm just a negative person but from the instant I saw the title of the article, I was already thinking, "Oh great, some random vulns or exploits and he's gonna say that these companies can't be trusted"...and I was dead on. I hate random, unbased, vendor-bashing like this. There is no holy grail of security companies....there's always gonna be vulns and exploits. Always.
  • I'd like to hear what has been seen

    about Avast AV, and Comodo Firewall. Both I've used and recommend. Except I can't recommend Comodo yet, since it's highly technical. Beyond what the average Joe 6 processor can use and set up.

    Comodo has alerted me to dozens of sneaky bypasses that ZoneAlarm says nothing about. Case in point, Unlocker. There's some suspicious sending out, but I've been unable to block for it. It dodges by attaching the attachments to things like Firefox, and blocking just this bypass, also blocks Firefox. For Joe 6 processor, I have to continue to recommend ZoneAlarm, unless there's another firewall that does the same, but better.

    I like Comodo alerting me to the sneaky stuff, for it shows that even innocent programs can do things you don't wish. But there's got to be a better way of blocking.

    - Kc
    • there is

      "there's got to be a better way of blocking."
      Unplug the computer and don't use it problem solved! ;)
  • Running ClamAV four years strong with little problems

    We've been running ClamAV on our gateway server for four years with few incidents.

    One version around 0.83 had a DOS problem. They fixed it immediately and haven't had a problem since.
    • just because you weren't there didn't mean...

      Just because you weren't there didn't mean that the tree falling in the forest didn't make a sound.

      And because you're probably not going to see the analogy..

      just because **YOU** didn't get affected by this flaw, or others like it in **YOUR** world of computer use, doesn't mean that the flaw is any less deadly for the unintentionally stupids that don't get clues to security.

      The potential exists... so people **DO** need to know and should be looking for the issue...

      • just because you weren't there didn't mean...

        Gawd NOT the tree thing again!
        • If a tree falls on Bruce Cockburn...

          does anybody care. :D

    • You hope

      How can you be sure? No single anti-anything detects all threats. Especially for anti-malware/spyware. You need multiple tools so that you hope they overlap to catch all of it. Even you have said you have had "few" incidents, that's great, but how do you know something didn't get past ClamAV?

  • "Moderately Critical"

    That's an oxymoron. Similar to secunia disclosure. They don't tell anyone enough to make up their own minds.

    Personally, I trust ClamAV more than secunia.
  • I think

    I think this all has to do with production being emphasized over security lately. While it seems like security is the #1 issue for software programmers, it really isn't. Production and deadlines come first, questions are asked later. If it's on the shelf on-time, people will buy it when they are supposed to. If holes are found, the cycle is already complete, and the companies are already working on the next patch or new software. After the issue is found, damage control is done. They aren't stupid, they are just doing what software companies do.
  • AV Companies

    We had Trend for 3 years and we had more viruses than I care to talk about. Trend does not keep the old dats active in their OfficeScan DB (per their support). We got hit by a 2 yr old virus - Trend had us use a program off their website that did nothing to help us. We used alternate prgs (McAfee, Free AVG/Spybot) to clear up the issues we had. Per Trend their major clients had not reported anything. I had always thought all of your customers are major - regardless of size. Needless to say we switched to another AV. Trend (along with other AV companies) needs to step back - take a breath and reevaluate their way of doing business / detecting and clearing viruses.
    • AV Companies

      How right you are!!
      Never had a virus since I started using Avast years ago. I've used McAfee, then Systematic and Trend; got viruses while using all three of them.
  • Avast all the way

    I had Trend and it started costing me for updates yearly and I figured that I wanted protection, not "protection (Soprano style)". So I switched to Avast and it is free (register once per year online $0.00).
    It caught lots of stuff Trend didn't plus protections online and file opening if you wish.
  • No offense to the author but....

    ... I think this story is a little tabloid in style.

    I mean what software is ever completely bug free? Anti virus software is just software so it's just as vulnerable as any other software.

    I think the real issue is about educating the non-technical IT-using members of public. They need to be made to understand that, despite their best efforts, *sometimes* your PC might get a virus or some other unsavoury software and that the best thing you can do is keep your data backed up safely and be prepared to reinstall your OS from time to time (and most people can probably manage that with the right instructions).

    And software vendors need to make sure they aren't leading people to believe their software is completely safe and bug free (Titanic and unsinkable deja vu here).
  • It is getting rediculas

    Every day I read of other software hacks, problems, security issues. What a bunch of BanthaPOODOO. If you set your routers gateways, etc correctly, if you don't browse porno pages or hackers sites. You don't have problems.
    I have been running my network for over 10 years, using Trend Micro as my suite. I have only been infected by one virus, no hacks, no bots, root certificates, etc.
    It amazes me that so many PROFESSONALs get hacked.

    • How about "Ridiculous"...

      It amazes me how many "professionals" can't spell or use grammar to save their lives. And before any of you professionals say that spelling doesn't matter, remember that your "professional" statements cannot be taken seriously if you don't even know how to use a spell checker...

      The Infamous Red Pencil
  • Have to Agree re the Tabloid Comment

    I'm not sure what the purpose of this article is. And the link to the Can You Trust article is really not an article at all. Sounds more like a random blog post with screenshots from Secunia.

    There's plenty of blame to spread around: the OS developers for weak OS development, the software vendors for weak product development, and the AV/firewall vendors. But, then, they're expected to roll out secure products that will work with every piece of software or hardware developed since 1991 and keep our systems secure.

    The main person to blame is you/me/us. Sure the malware folks are creative and love a challenge. But if the enduser would exercise just some common sense when surfing or reading email, it would go much further in minimizing the problem.

    Just calling out AV vendors (who, by the way, are actually trying to help us) without some supportive ideas is useless. To paraphrase Ed Bott, less whining and more constructive complaining.
  • There are 2 of them I have USED

    And the 2 I used I know are not to be trusted. That is ZONE ALARM, you can't set some things in it, and Trend Micro is the other, something about it just did not seem to do all it said it was.
    And when I added AVG to the computer it found several things which were not found by Trend Micro.