Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

← Back to Stories (view on slashdot.org)

Antivirus Software Could Make Your Company More Vulnerable (csoonline.com)

Posted by timothy on Saturday January 9, 2016 @08:53AM from the good-austin-powers-subplot dept.

itwbennett writes: Since June, researchers have found and reported several dozen serious flaws in antivirus products from vendors such as Kaspersky Lab, ESET, Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes. Many of those vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products themselves, to gain higher privileges on compromised systems and even to defeat the anti-exploitation defenses of third-party applications. And evidence suggests that attacks against antivirus products are both possible and likely. Some researchers believe that such attacks have already occurred, even though antivirus vendors might not be aware of them because of the very small number of victims. Among the emails leaked last year from Italian surveillance firm Hacking Team there is a document with exploits offered for sale by an outfit called Vulnerabilities Brokerage International. The document lists various privilege escalation, information disclosure and detection bypassing exploits for multiple antivirus products, and also a remote code execution exploit for ESET NOD32 Antivirus with the status 'sold.'

3 of 74 comments (clear)

Min score:

Reason:

Sort:

cost and benifit by fermion · 2016-01-09 09:33 · Score: 4, Insightful

I don't know if it is possible to have a MS Windows running on the internet without a anti virus software. So the question is not which AV software has vulnerabilities, as all software has this issue, but which provides significantly more protection than risk. Or if there is better way to protect MS Windows machines than AV software.

--
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
1. Re:cost and benifit by gilgongo · 2016-01-09 09:39 · Score: 4, Insightful
  
  If it's any help (and if you're referring to desktop Windows computers behind standard domestic NAT-ed router/firewalls), then with the exception of WSE since it came out (WinVista?), I've *never* run anti-virus on any Windows installation in our 4-person home in over 20 years.
  About once a year I boot each machine from something like Trinity Rescue Disk and run a sweep using two or three different anti-virus packages. This might come up with perhaps one or two low-risk infections (usually Java), but that's it.
  I assume therefore that if the people using the machines are not in the habit of visiting certain types of website, and aren't inclines to open attachments they're not expecting, then all will be well.
  
  --
  "And the meaning of words; when they cease to function; when will it start worrying you?"
Re:Not quite AV, but close by ls671 · 2016-01-09 10:07 · Score: 4, Insightful

Every piece of software is a potential security hole. AVs, firewalls, encryption layers like SSL or what not constitute no exceptions.

--
Everything I write is lies, read between the lines.