Hackers are switching targets, a research firm said Monday, as they look for new vulnerabilities. Rather than focus on operating systems, Windows in particular, they're going after the very security software that's supposed to protect PCs.
"Am I just crazy, or have there been a lot of security vulnerabilities for security companies announced?" Andrew Jaquith, a senior analyst at the Yankee Group said in describing what led him to analyze data from a public vulnerability database, ICAT.
From the beginning of 2004 to May 2005, 77 vulnerabilities affecting security products were posted to ICAT. That was a rate of increase greater than even Microsoft's Windows, which actually has showed improvement since the release last fall of Windows XP SP2.
"When considering the number of affected products rather than just the number of distinct vulnerabilities, the rate of increase was as fast as that of the industry as a whole," said Jaquith.
According to Jaquith, three factors played a part in the rise of security product problems. For one, vulnerability researchers -- who include both above-board "good guys" and underground hackers -- may have nearly depleted the supply of easily-exploited Windows vulnerabilities, and so are looking for virgin territory.