From InfoWorld: A discovery by a well-known Google security researcher provides further proof how antivirus programs designed to shield computers from attacks can sometimes provide a doorway for hackers.
Tavis Ormandy, an information security engineer with Google, wrote he found bugs in Trend Micro's antivirus product that could allow remote code execution by any website and steal all of a users' passwords.
The security firm has confirmed it has released an automatic update that fixes the problems.
"As part of our standard vulnerability response process we worked with him to identify and address the vulnerability," wrote Christopher Budd, global threat communications manager at Trend Micro, in an email on Monday. "Customers are now getting protections through automatic updates."
Ormandy posted emails he exchanged with Trend officials, occasionally expressing his frustration that the company wasn't moving fast enough.
View: Article @ Source Site
