Slashdot Mirror


Tavis Ormandy Criticizes Meaningless Antivirus Excellence Awards (softpedia.com)

An anonymous reader writes: A Google security expert (Tavis Ormandy) has become annoyed with antivirus products receiving awards a week after he finds huge security holes in their software. He's talking about Comodo, which received an "excellence" award from Verizon, after the researcher discovered 4 security issues in the past four months, and is in the process of submitting a fifth. His criticism of Comodo and Verizon's silly awards is also validated by the fact that during the past year, he discovered security flaws in numerous antivirus and security software such as Avast, Malwarebytes, Trend Micro, AVG, FireEye, Kaspersky, and ESET.

2 of 72 comments

  1. Re:Bloatware by rudy_wayne · Score: 4, Informative

    Most AV programs have not only become bloatware, adding more and more useless "features", but they have actually become malware themselves.

    For example:

    The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users install AVG antivirus, is vulnerable to trivial XSS (cross-site scripting) attacks.

    "This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that AVG can bypass the Chrome Store malware checks, which specifically tries to stop abuse of the Chrome Extension API."

  2. Re:Nekkid emperor is still nekkid by Anonymous Coward · Score: 3, Informative

    He may be inarticulate, but he's not wrong.

    The entire "computer security industry" is little more than scammers selling nothing but snake oil, i.e., security products which themselves are full of exploitable vulnerabilities and in many cases are very close to being malware.