Updates Mend F-Secure Antivirus Flaws
Finnish antivirus company F-Secure Corp. warned users today to install an update to fix a serious flaw in many of its products that it said attackers could use to seize control over computers running the software.
F-Secure said the problem has to do with the way its products examine compressed ZIP or RAR archive files. People often send files compressed with ZIP or RAR utilities as e-mail attachments because they can radically reduce the attachment file size.
Unfortunately, virus and worm writers also often send their creations inside ZIP or RAR files to make it past e-mail security scans, which usually filter out executable files but often allow compressed files, leaving the inspection of those files to antivirus products once the user opens the compressed archive.
According to F-Secure, attackers could use the flaw to create a file that cannot be scanned properly, potentially allowing the malicious file to slip past the company's antivirus scanners.
Users of the company's most popular products, including F-Secure Internet Security (2004 through 2006 versions), F-Secure Anti-Virus (2004 through 2006 versions) and F-Secure Personal Express should have the update distributed to them automatically. Users of other F-Secure products should check this page for more information on how to obtain the necessary updates.
The F-Secure flaws come on the heels of similar vulnerabilities found in other antivirus products, including Symantec and ClamAV. It just shows that security is not some set-it-and-forget-it chore; even security products need maintenance from time to time.
Posted by: DickA | January 25, 2006 12:40 PM | Report abuse
The comments to this entry are closed.