Mark Russinovich writes about a class of security bugs that many applications (including lots of third-party “security” solutions) suffer from. Squatting attacks are enabled when improper security permissions are applied to files and synchronization objects. Unfortunately, Mr. Russinovich finds that lots of applications make these mistakes, and he has a tool, AccessChk, that helps pinpoint these security flaws.
From the article, Mark’s Blog: The Case of the Insecure Security Software:
The security research community has focused its efforts uncovering local elevations via buffer overflows and unverified parameters, but has completely overlooked these obvious problems – problems often caused by the software of security ISVs, or in some cases, their own.
Why are these holes created? I can only speculate, but because allowing unprivileged groups write-access to global objects requires explicit override of secure defaults, my guess is that they are common in software that was originally written for Windows 9x or assumed a single administrative user. When faced with permissions issues that crop up when migrating to a version of Windows with security, or that occur when their software is run by standard user accounts, the software developers have taken the easy way out and essentially turned off security.
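The check described above (write access on an object granted to unprivileged groups) can be sketched as follows. This is an added example, not code from Russinovich's article or from AccessChk. It assumes the object's security descriptor has been exported as an SDDL string; the function name and the sample descriptors are constructed for illustration.

```python
import re

# Well-known SDDL aliases / SIDs for broad, unprivileged principals.
UNPRIVILEGED = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
    "IU": "Interactive", "BG": "Builtin Guests", "AN": "Anonymous",
}
# SDDL right tokens that let the holder modify, delete or re-permission an object.
WRITE_TOKENS = {"GA", "GW", "FA", "FW", "KA", "KW", "WD", "WO", "SD"}
# Same idea for hex masks: GENERIC_ALL, GENERIC_WRITE, WRITE_DAC, WRITE_OWNER, DELETE.
# Object-specific low bits are not interpreted here (simplifying assumption).
WRITE_BITS = 0x10000000 | 0x40000000 | 0x00040000 | 0x00080000 | 0x00010000

def risky_aces(sddl):
    """Return (principal, rights) for each allow ACE in the DACL that grants
    write-type access to an unprivileged group."""
    dacl = re.search(r"D:[A-Z_]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":   # only plain allow ACEs
            continue
        rights, trustee = fields[2], fields[5]
        if trustee not in UNPRIVILEGED:
            continue
        if rights.lower().startswith("0x"):
            writable = bool(int(rights, 16) & WRITE_BITS)
        else:
            tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
            writable = bool(tokens & WRITE_TOKENS)
        if writable:
            findings.append((UNPRIVILEGED[trustee], rights))
    return findings

# Constructed descriptors: secure defaults vs. "security turned off".
LOCKED = "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;BU)"
OPEN = "O:BAG:SYD:(A;;FA;;;SY)(A;;GA;;;WD)(A;;0x1301bf;;;BU)S:(AU;SA;FA;;;WD)"

if __name__ == "__main__":
    for name, sd in (("LOCKED", LOCKED), ("OPEN", OPEN)):
        print(name, risky_aces(sd))
```

Inherit-only ACEs and object-type-specific access bits are not evaluated, so treat a finding as a prompt to inspect the object rather than a final verdict.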