Security software faces increased hack attacks

As the pool of easily exploitable Windows security bugs dries up, hackers are looking for holes in security software to break into PCs, analysts said.

Software makers of ubiquitous antivirus products have not yet been forced to acknowledge and fix potential problems in their code, analysts with Yankee Group wrote in a research paper published on Monday. As a result, antivirus software is like low-hanging fruit to hackers, according to the analysts.

Microsoft's Windows operating system has been a favourite target of hackers but new security flaws are being discovered in security products at a faster rate than in Microsoft's products, the analysts wrote. In the 15-month period ending 31 March, 77 separate vulnerabilities have been reported by security vendors, they wrote.

CheckPoint Software Technologies, F-Secure and Symantec are among the vendors that have seen a rise in the number of security issues that affect their products in the past years, according to Yankee Group.

If the trend continues, the number of vulnerabilities for security products will be 50 per cent higher than 2004 levels, according to the analysts. While Microsoft flaws continue to flow, the rate has decreased notably, according to the analysts. They credit the release last year of Windows XP Service Pack 2, a security-focused update.

Yankee Group predicts a "rising tide" of vulnerabilities will be found in security products. Software makers should look at their security processes, and users need to get ready to patch security products, the analysts wrote. Also, buyers should ask tough security questions when buying new products, they advise.

Joris Evers writes for CNET News.com