Archive Formats Kill Antivirus Products

nemiloc writes: From F-Secure website: "The Secure Programming Group at Oulu University has created a collection of malformed archive files. These archive files break and crash products from at least 40 vendors — including several antivirus vendors...including us." It is not new anymore that security producs have have security problems... What makes this special is that antivirus software is a perfect target. They are run on critical places with high privileges and autoupdates keeps versions coherent. More information: Test material by OUSPG and Joint advisory by CERT-FI and CPNI

160 legacy archive flaws, now hundreds of new?

[secpelle]

Test report lists ~160 historical "prior vulnerabilities" (with a nice graph sample) and hints of hundreds of new ones. Given that the archive&compression formats appear to be pervasive to modern computing and communication I would have expected those prior vulnerabilities to have raised the bar wrt implementation quality of dearchivers, apparently that has not happened.

Re:

[ilota]

This begs the question: is it really beneficial securitywise to increase the amount of code that handles data sent from the net? Are we better off running all that anti-virus code, personal firewalls, L7 aware proxy/firewalls and whatnot? I've lived without personal firewalls and antivirus products for 10 years, using Linux, Windows and Mac. During that time I've had one incident.

So I know there is life without those extra lines of code. Am I being too radical?