Advisories - Fortinet, NOD32, Bitdefender, Avast

Released a few advisories today :

• [TZO-08-2009] Bitdefender - Generic evasion (Limited details)
• [TZO-09-2009] Avast! - Generic evasion (Limited details) (UPDATED)
  
• [TZO-10-2009] Nod32 - Generic evasion (Limited details)
  
• [TZO-11-2009] Fortinet - Generic evasion (Limited details)

Update: Fortinet and Avast contacted me.

If somebody from Authentium, DrWeb, Netgear is reading this - get in touch.

I have been asked to provide a list of vendors that react and do patch bypass/evasions and acknowledge the (obvious) necessity to, here we go.

• F-Secure
• Avira
• Mcafee
• Securecomputing
• Ikarus
• Nod32
• Bitdefender
• Trendmicro
• Panda
• Computer Associates (CA)
• Comodo
• AVG
• Sophos
  

Companies that do not perceive the security risk involved - even for gateways :

• Avast (Alwil)

Coverage : Heise, DSL.sk , Security.nl , CNIS