Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)
itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'
I have advised everyone to remove virus protection from their system for years, for pretty simple reasons:
Every piece of software you introduce to your system creates vulnerabilities.
Pretty easy, right? But there's more to it than that.
AV protection has predictable distribution networks which, like Microsoft's update mechanisms, create a single point of entry for hackers seeking a large audience. Zero day vulnerabilities are introduced after they've been exploited at least once, and these networks provide an easy and predictable distribution network to leverage for these and find 'selected target hosts'.
Not convinced? But wait, there's more. These companies hire a great deal of hackers to begin with whose key job is to not 'find' vulnerabilities - but to create them - and then deliver the fixes for the very things they create through their networks.
In a general sense, I ask people who pay AV companies money: Aren't you tired of paying protection money to these companies who are the ones introducing the very elements you're being protected against?
Whether it's AV protection, or it's insurance in any form (which I am not a fan of) - these industries in many cases create the very problems they protect us from. Now insurers have notably gotten better and fairer about this and work with the public to mitigate the risks because of backlash to the industry.
But developers of AV protection have not.
I mean. Why do you think one of the biggest suppliers of AV protection comes from a country where the mafia's alive and well and runs much of the country? (Kaspersky and Russia).
I'm an advocate of removing AV protection and haven't had it in years.
And I would highly advise anyone who has an IT person near them as a friend or family member do the same. And when you actually do catch a random virus, rather than paying $240 for a full year of protection you've paid for your programmer friend to come over and have a homemade steak and a beer with you.
Which do you prefer?
I can tell you what the IT guys prefer. Home cooking.
"and never had an infection"
That you know of.