Security Software = Security Risk?

closeThis post was published 13 years 2 months 3 days ago. A number of changes have been made to the site since then, so please contact me if anything is broken or seems wrong.

In general, we use and trust security programs like antivirus and antispyware applications from all sorts of vendors to keep our computers safe, but could those very programs be opening us up to more holes? That’s what security firm n.runs AG has been testing for the last several years, and it is the subject of a recent PC World article. It turns out that file parser bugs in many of the mainstream scanning engines are exposing users to additional risks. The problem is compounded by the fact that many users run multiple scanning programs in tandem, under the reasoning that if one engine doesn’t catch something, another will.

That thinking, based on real-life experience, provides additional protection against infections from outside sources, unless the engines used all have different parser holes. Running multiple programs may actually be more hazardous, due to the fact that there are more flaws exposed.

N.runs is developing a program to help secure other security engines, named ParsingSafe (a codename), that will help protect antivirus software against the sorts of parsing attacks the firm has seen. The website slates market introduction as fourth-quarter 2007, which is now, so I’m expecting to see more news popping up about it. Perhaps I should be glad this school computer of mine runs only one AV engine after all.


I am an avid technology and software user, in addition to being reasonably well-versed in CSS, JavaScript, HTML, PHP, Python, and (though it still scares me) Perl. Aside from my technological tendencies, I am also a theatre technician, sound designer, violinist, singer, and actor.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail (or subscribe without commenting)

Comments are subject to moderation, and are licensed for display in perpetuity once posted. Learn more.