With most types of software, if you're stuck with C/C++, you want to keep the development to a high standard where there aren't any bugs like this. But anti-virus software is unusual in that it needs to handle malicious input in an unusually wide variety of file formats, which makes completely eliminating file-format vulnerabilities basically unfeasible without some sort of broadly-applicable fix. That fix could be a memory-safe language, or it could be sandboxing. But the assumption should be that for any antivirus product which does its file-parsing in C or C++, and which doesn't sandbox its scanning engine, there's going to be at least one critical vulnerability in the scanner.