Bashing other people’s products to sell your own…
You know... I've written about this a lot... to recap:
- Agnitum provides "research" into Vista Firewall
- Company B is better than Company A, claims Company B
- A fine line between blogging and advertising
This time the culprit is Bill of BillP Studios and WinPatrol. WinPatrol is free malware software, but a paid version is also offered. With the introduction of Vista, which includes Windows Defender, WinPatrol is looking to become a tool of the past. I suppose I should add a disclaimer of sorts here that I regularly read Bill's blog and quite often agree with what he says... today just isn't one of those times.
So, in a recent post Bill addresses the dozen patches that Microsoft released this month... and he picks one in particular to target... MS07-010. Bill actually goes so far as to call it "one of the most important updates I’ve seen and one of the most embarrassing for Microsoft." This is beyond far-fetched... He even compares it to the issue that Kryptonite had, where a pen could open their bike locks. This made me laugh since the flaw, while being most publicized against Kryptonite because of their popularity, affected several brands of bike locks, which would mean that the flaw patched by MS07-010 affects many anti-malware products.
Bill also claims that users who have not yet patched are at immediate risk... I guess my definition of immediate risk varies from his. This was a privately reported vulnerability and there's nothing to indicate that it's in the wild... to me that implies lower risk than many things, including past Microsoft vulnerabilities. Now that the patch is out, I suppose malicious individuals could reverse the patch and determine how to take advantage of this vulnerability but the risk is still not "immediate" in my eyes.
Also, to put this out as being such an emergency, which is how I read it as being portrayed when I look at Bill's post, is incorrect... Flaws are discovered all the time in AV and anti-malware software... Does that make each of them more important, more embarrassing and a bigger emergency than the last?
Let's take a look at this:
- Trend Micro Products UPX Processing Buffer Overflow Vulnerability
- Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities
- Sophos Anti-Virus Visio File Parsing Buffer Overflow
- McAfee Multiple Products LHA File Handling Buffer Overflow
- Symantec AntiVirus RAR Archive Decompression Buffer Overflow
I could go on, but this points out that every major AV vendor has had a processing problem in the past two years. Should the vendors get it right the first time? I'd hope so, but you have to allow for problems... it's something you have to accept if you're in IT. Processing a file type that isn't native to you or your product presents a learning curve, and unless your company has experts on the file format they aren't necessarily going to get everything right the first time... or it could be a simple coding mistake, and programmers are human; you have to expect them.
To attack Microsoft over something that every vendor in the industry has had a problem with is juvenile... it also shows a lack of understanding that vulnerabilities can and will exist... Nobody is perfect.
Hey Tyler,
Thank you for reading Bits from Bill. I thought your assessment of my post was fair even if you disagree. While I point to Microsoft security programs I’m just as concerned at the threats from vulnerabilities found in MFC and other components commonly used by other programs.
I do think it’s different for Microsoft than other AV vendors. People choose those programs. Microsoft is the gatekeeper. I’m not a Microsoft basher but I still think it has to be embarrassing.
My intention certainly wasn’t to promote WinPatrol as a replacement for Defender. There are plenty of features still valuable under Vista so rumors of Scotty’s dismiss are premature.
We’ll always have our little cult following and you’ll see that I will continue to add new features which are missing from Windows.
I’m glad I found your Blog. Since you keep it up regularly with good info, I’ve added you to those Blogs I read regularly.
Thanks again,
Bill
Hey Bill,
I’m glad that you stumbled across the blog (I believe you’ve been here once before… hopefully you’ll be back many more times)…
Microsoft is different from other AV Vendors in that they provide much more than just AV, however when looking at them as an AV vendor you have to, in my opinion, accept them as “just another AV vendor”… They are new to the field and they have to be expected to make a few mistakes…
As I said, every vendor has had file parsing vulnerabilities… Microsoft’s first one was discovered quickly and maybe it’ll get enough press that it’ll be their last… Then again maybe it won’t…
I’ll have to download WinPatrol and give it a try… I have heard good things but I’ve never used it myself… never saw a need to… The feature that interests me the most is actually the RIDS in WinPatrol Plus, so maybe at some point I’ll fork out the money and do a review of it.