Language Selection

English French German Italian Portuguese Spanish

Security tools face increased attack

Filed under
Security

Software makers of ubiquitous anti-virus products have not yet been forced to acknowledge and fix potential problems in their code, analysts with Yankee Group wrote in a research paper published Monday in the US. As a result, antivirus software is like low-hanging fruit to hackers, according to the analysts.

Microsoft's Windows operating system has been a favorite target of hackers, but new security flaws are being discovered in security products at a faster rate than in Microsoft's products, the analysts wrote. In the 15-month period ending March 31, 77 separate vulnerabilities have been reported by security vendors, they wrote.

Symantec, F-Secure and CheckPoint Software Technologies are among the vendors that have seen a rise in the number of security issues that affect their products in the past years, according to Yankee Group.

If the trend continues, the number of vulnerabilities for security products will be 50 percent higher than 2004 levels, according to the analysts. While Microsoft flaws continue to flow, the rate has decreased notably, according to the analysts. They credit the release last year of Windows XP Service Pack 2, a security-focused update.

Yankee Group predicts a "rising tide" of vulnerabilities will be found in security products. Software makers should look at their security processes, and users need to get ready to patch security products, the analysts wrote. Also, buyers should ask tough security questions when buying new products, they advise.

Source.

More in Tux Machines

Leftovers: OSS

  • Anonymous Open Source Projects
    He made it clear he is not advocating for this view, just a thought experiment. I had, well, a few thoughts on this. I tend to think of open source projects in three broad buckets. Firstly, we have the overall workflow in which the community works together to build things. This is your code review processes, issue management, translations workflow, event strategy, governance, and other pieces. Secondly, there are the individual contributions. This is how we assess what we want to build, what quality looks like, how we build modularity, and other elements. Thirdly, there is identity which covers the identity of the project and the individuals who contribute to it. Solomon taps into this third component.
  • Ostatic and Archphile Are Dead
    I’ve been meaning to write about the demise of Ostatic for a month or so now, but it’s not easy to put together an article when you have absolutely no facts. I first noticed the site was gone a month or so back, when an attempt to reach it turned up one of those “this site can’t be reached” error messages. With a little checking, I was able to verify that the site has indeed gone dark, with writers for the site evidently losing access to their content without notice. Other than that, I’ve been able to find out nothing. Even the site’s ownership is shrouded in mystery. The domain name is registered to OStatic Inc, but with absolutely no information about who’s behind the corporation, which has a listed address of 500 Beale Street in San Francisco. I made an attempt to reach someone using the telephone number included in the results of a “whois” search, but have never received a reply from the voicemail message I left. Back in the days when FOSS Force was first getting cranked up, Ostatic was something of a goto site for news and commentary on Linux and open source. This hasn’t been so true lately, although Susan Linton — the original publisher of Tux Machines — continued to post her informative and entertaining news roundup column on the site until early February — presumably until the end. I’ve reached out to Ms. Linton, hoping to find out more about the demise of Ostatic, but haven’t received a reply. Her column will certainly be missed.
  • This Week In Creative Commons History
    Since I'm here at the Creative Commons 2017 Global Summit this weekend, I want to take a break from our usual Techdirt history posts and highlight the new State Of The Commons report that has been released. These annual reports are a key part of the CC community — here at Techdirt, most of our readers already understand the importance of the free culture licensing options that CC provides to creators, but it's important to step back and look at just how much content is being created and shared thanks to this system. It also provides some good insight into exactly how people are using CC licenses, through both data and (moreso than in previous years) close-up case studies. In the coming week we'll be taking a deeper dive into some of the specifics of the report and this year's summit, but for now I want to highlight a few key points — and encourage you to check out the full report for yourself.
  • ASU’s open-source 'library of the stars' to be enhanced by NSF grant
  • ASU wins record 14 NSF career awards
    Arizona State University has earned 14 National Science Foundation early career faculty awards, ranking second among all university recipients for 2017 and setting an ASU record. The awards total $7 million in funding for the ASU researchers over five years.

R1Soft's Backup Backport, TrustZone CryptoCell in Linux

  • CloudLinux 6 Gets New Beta Kernel to Backport a Fix for R1Soft's Backup Solution
    After announcing earlier this week the availability of a new Beta kernel for CloudLinux 7 and CloudLinux 6 Hybrid users, CloudLinux's Mykola Naugolnyi is now informing us about the release of a Beta kernel for CloudLinux 6 users. The updated CloudLinux 6 Beta kernel is tagged as build 2.6.32-673.26.1.lve1.4.26 and it's here to replace kernel 2.6.32-673.26.1.lve1.4.25. It is available right now for download from CloudLinux's updates-testing repository and backports a fix (CKSIX-109) for R1Soft's backup solution from CloudLinux 7's kernel.
  • Linux 4.12 To Begin Supporting TrustZone CryptoCell
    The upcoming Linux 4.12 kernel cycle plans to introduce support for CryptoCell hardware within ARM's TrustZone.

Lakka 2.0 stable release!

After 6 months of community testing, we are proud to announce Lakka 2.0! This new version of Lakka is based on LibreELEC instead of OpenELEC. Almost every package has been updated! We are now using RetroArch 1.5.0, which includes so many changes that listing everything in a single blogpost is rather difficult. Read more Also: LibreELEC-Based Lakka 2.0 Officially Released with Raspberry Pi Zero W Support

Leftovers: Gaming