When Security Software Fails

BusinessWeek cites a Yankee Group report that security software is increasingly insecure. The article points out that while much of this software was developed to protect users against flaws in Microsoft's code, for the first time this year the aggregate number of security holes in security software exceeds the number found in Microsoft software.
This isn't happening because security software is getting worse; it's not. In general, all software is improving in security as vulnerabilities become more widely reported and more quickly exploited. The main reason that security software vendors like Symantec and McAfee are seeing an increase in holes relative to Microsoft is that while all software vendors are getting better at security, Microsoft is getting a lot better, and a lot faster. As Microsoft products improve, hackers move on to lower-hanging fruit.
Another reason is that security software is, of course, the first line of defense. If a hacker wants to attack machines inside a firewall, first he has to hack the firewall. Hacking security software also provides great bang for the buck: once you've hacked a user's anti-virus software, you have free run of his machine.
via Slashdot
By Chris on June 20, 2005 10:46 AM