
A bad review on Ars Technica

Researcher advises against use of Sophos antivirus on critical systems | Ars Technica

Any thoughts?


  • All software has vulnerabilities; all of them need patching.  Note the last line of the article:

    "It's unclear if Ormandy has analyzed the security of other antivirus products so he can arrive at an assessment of how they compare to Sophos. He didn't respond to an e-mail seeking comment for this post."

    Symantec (amongst other software vendors) have had vulnerabilities discovered and fixed in the past, some quicker than others, etc.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • The scope of the vulnerabilities was a bit concerning, and I was surprised to see the AV client overrides/disables many of Windows' own built-in mitigation techniques (ASLR, SmartScreen).

    I guess the upside is Sophos now has a chance to patch the disclosed vulnerabilities (and from what I understand they have already patched most of them?).
  • If you check the above article, the 10.2 client that is now active for UTM endpoint clients does appear to have everything patched.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com
