Lately I’m not a big fan of AV, and it amazes me that AV hasn’t been beaten up more badly than it has, given how it runs on pretty much every desktop in the civilized world and how critical writing solid, secure code is these days.
It looks like n.runs is speaking out: http://www.prweb.com/releases/aps-av/nruns/prweb1134004.htm
At a presentation at Black Hat Federal last year, the guys from Immunity talked about how most / all of the AV engines out there are compiled with old / crusty compilers that don’t support things like stack cookies, ASLR or DEP, which makes exploiting the engine all the easier if there’s a vulnerability in it.
Well, I can tell you there is at least ONE AV engine (ours) that is not only written to the highest secure coding standards but also compiled with a modern compiler, so it supports all of our latest mitigation technologies, making it harder to exploit should one find a vulnerability in our parser. Over its life – I think there have only been 2 vulnerabilities in our parser – and I think one of them was only a DoS type vuln. We may not have the best detection rates compared to our competitors, but I all but guarantee ours is the least dangerous engine to run – as such I wouldn’t feel dirty running it myself or recommending it to friends / family, because I’m pretty sure you’re not going to get owned by our AV engine.
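Whether a given engine binary opts in to ASLR and DEP can be read straight from its PE header. The script below is an added example, not code from this post or from any vendor; the sample headers are constructed, and stack cookies (/GS) are not recorded in this header field, so it checks only the ASLR and DEP opt-in bits.

```python
import struct
import sys

# Opt-in bits in the PE optional header's DllCharacteristics field.
FLAGS = {
    "ASLR (DYNAMICBASE)": 0x0040,
    "DEP (NXCOMPAT)": 0x0100,
    "High-entropy ASLR": 0x0020,
}

def pe_mitigations(data: bytes) -> dict:
    """Return {mitigation name: bool} read from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip "PE\0\0" signature and COFF header
    if len(data) < opt_off + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def build_sample_headers(dll_characteristics: int, magic: int = 0x20B) -> bytes:
    """Constructed input: just enough header for the parser, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x22)
    opt = struct.pack("<H", magic) + b"\0" * 68 + struct.pack("<H", dll_characteristics)
    return dos + b"PE\0\0" + coff + opt

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit real binaries passed on the command line.
        images = {path: open(path, "rb").read() for path in sys.argv[1:]}
    else:
        images = {
            "constructed: modern build": build_sample_headers(0x0160),
            "constructed: legacy build": build_sample_headers(0x0000, magic=0x10B),
        }
    for label, blob in images.items():
        try:
            status = pe_mitigations(blob)
        except ValueError as exc:
            print(f"{label}: skipped ({exc})")
            continue
        missing = [name for name, on in status.items() if not on]
        print(f"{label}: missing {', '.join(missing) if missing else 'none'}")
```

Run it with the paths of the engine's EXE and DLL files as arguments to audit an installed product; with no arguments it reports on the two constructed samples.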