Slashdot Mirror


Tavis Ormandy Criticizes Meaningless Antivirus Excellence Awards (softpedia.com)

An anonymous reader writes: A Google security expert (Tavis Ormandy) has become annoyed with antivirus products receiving awards a week after he finds huge security holes in their software. He's talking about Comodo, which received an "excellence" award from Verizon after the researcher discovered 4 security issues in the past four months, and is in the process of submitting a fifth. His criticism of Comodo and Verizon's silly awards is also validated by the fact that during the past year, he discovered security flaws in numerous antivirus and security software such as Avast, Malwarebytes, Trend Micro, AVG, FireEye, Kaspersky, and ESET.

5 of 72 comments

  1. Bloatware by Anonymous Coward · · Score: 4, Interesting

    Many antivirus products started as small, useful tools which genuinely helped detect and neutralize viruses, at least still in the 90s and early 2000s. For some reason which I can only compare to gluttony for more "features" and attention, most have grown to bloatware with flashing popups, nagging screens and award stickers collected like flairs which are supposed to validate their usefulness, but are meaningless. When friends ask me to set up a newly purchased laptop, one of the first things to do is remove all that antivirus crap and educate them on PC hygiene.

    1. Re:Bloatware by rudy_wayne · · Score: 4, Informative

      Most AV programs have not only become bloatware, adding more and more useless "features", but they have actually become malware themselves.

      For example:

      The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users install AVG antivirus, is vulnerable to trivial XSS (cross-site scripting) attacks.

      "This extension adds numerous JavaScript APIs to Chrome, apparently so that they can hijack search settings and the new tab page. The installation process is quite complicated so that AVG can bypass the Chrome Store malware checks, which specifically tries to stop abuse of the Chrome Extension API."

    2. Re:Bloatware by cbhacking · · Score: 2

      Technically, Windows Defender in Win7 was built from Giant AntiSpyware and only provided anti-spyware/anti-adware protection; it doesn't have detection for things like worms and other sorts of malware. For that you need the (free, but optional download) Microsoft Security Essentials. However, starting with Win8, Defender (the built-in thing) includes the MSE scanning engine and signatures.

      The obvious difference between Win7 and Win8 in this regard is that when Win7 came out, MS was still under some anti-trust restrictions against bundling software that competed with commercial offerings (and anti-virus would definitely count). Those restrictions expired before Win8 was released, so they could bundle the full scanner instead of requiring that people go seek it out on their own.

      --
      There's no place I could be, since I've found Serenity...
  2. And The Best AntiVirus is.... by FudRucker · · Score: 4, Insightful

    switching to an Operating System that is not the target of virus writers, or at least less of a target

    Linux is your best bet for a general purpose operating system

    --
    Politics is Treachery, Religion is Brainwashing
  3. Re:Nekkid emperor is still nekkid by Anonymous Coward · · Score: 3, Informative

    He may be inarticulate, but he's not wrong.

    The entire "computer security industry" is little more than scammers selling nothing but snake oil, i.e., security products which themselves are full of exploitable vulnerabilities and in many cases are very close to being malware.