So a recent Google blog post talked about some really bad things they found in Kaspersky Antivirus. Apparently having that software on your machine actually makes you vulnerable to drive-by exploits - that is, your system can be p0wned just by visiting a website or receiving an email, without even reading it!
What's truly amazing about this is that some of the attack vectors are simple buffer overflow attacks. There's nothing new about buffer overflows; they are caused by sloppy code and the software industry has a long, tragic history of repeating that particular sloppiness again and again. It's beyond astonishing that a respected A/V vendor like Kaspersky would repeat these mistakes in their own code!
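The "sloppy code" pattern behind a classic buffer overflow, as an added illustration that is not from the Google post or from any vendor's code: a constructed parser for a tiny length-prefixed record (one length byte followed by that many name bytes, a layout chosen for this example) that checks the input is long enough but never checks that the destination buffer is, followed by the corrected version that rejects anything it cannot hold. The record format, function names and buffer sizes are all assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 16  /* fixed-size destination buffer (assumed size) */

/* Defective version: it validates the *source* length but trusts that the
 * attacker-controlled length byte (0..255) fits in a 16-byte destination.
 * Any record with a length byte >= 16 writes past 'out'. */
int parse_name_unsafe(const uint8_t *rec, size_t rec_len, char out[NAME_MAX]) {
    if (rec_len < 1) return -1;
    uint8_t n = rec[0];
    if (rec_len < 1 + (size_t)n) return -1;   /* input is long enough... */
    memcpy(out, rec + 1, n);                  /* ...but 'out' may not be */
    out[n] = '\0';
    return n;
}

/* Corrected version: the destination size travels with the pointer and the
 * copy is refused (not silently truncated) when the record would not fit.
 * Unsigned arithmetic is arranged so that neither check can underflow. */
int parse_name_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_len) {
    if (out_len == 0 || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > rec_len - 1) return -1;           /* record is truncated */
    if (n > out_len - 1) return -1;           /* no room for name + NUL: reject */
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Stand-alone demo on constructed records (not real file data). */
int main(void) {
    const uint8_t good[] = {5, 'h', 'e', 'l', 'l', 'o'};
    uint8_t oversized[1 + 200];               /* length byte far larger than NAME_MAX */
    char buf[NAME_MAX];

    oversized[0] = 200;
    memset(oversized + 1, 'A', 200);

    printf("safe/good:      %d\n", parse_name_safe(good, sizeof good, buf, sizeof buf));
    printf("safe/oversized: %d\n", parse_name_safe(oversized, sizeof oversized, buf, sizeof buf));
    /* parse_name_unsafe(oversized, ...) is deliberately NOT called: it would
     * overflow 'buf' by 184 bytes, which is exactly the defect being shown. */
    return 0;
}
```

The difference between the two functions is one comparison, which is why this bug class keeps recurring: the check that is easy to remember (is the input long enough?) is not the one that matters for the destination. Compilers with `-fsanitize=address` or a fuzzer fed with random length bytes would flag the first version immediately.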
Not that other A/V vendors are any better: Google has also found problems with Sophos and ESET.
Ars Technica says that you and I don't need to worry much as this type of exploit is more likely to be launched against a bank or high value company. I'm not sure that makes me any happier.