Slashdot Mirror

← Back to Stories (view on slashdot.org)

Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca)

Posted by msmash on from the security-woes dept.

Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."

4 of 212 comments (clear)

  1. that hyperbole though by Anonymous Coward · · Score: 3, Informative

    ok look, i do some malware analysis.

    the thing is, 99% of the malware you run into is run-of-the-mill stuff.

    to paraphrase someone who was talking about EMET:

    not running AV because some researcher are doing next-level shit is like not wearing your seatbelt because a sniper might get you.

    Tavis Ormandy has uncovered a shit-ton of serious vulnerabilities in some big name AV / Endpoint Protection products. Great! Those will get fixed and life goes on. There are also some AV suites that taviso has NOT found bit problems in.

    keep in mind also that some other big names in "next level" endpoint protection and security services who monetarily gain from pushing the idea that "endpoint security is dead".

  2. Blacklist vs. whitelist by tepples · · Score: 3, Informative

    Antivirus software that detects apps known to be harmful is a form of blacklisting. But as a general rule, blacklisting is considered less secure than whitelisting. An antivirus using whitelisting, such as PC Matic, allows only known good apps to run.

    The obvious problem with this approach is who defines the set of known good programs. In a corporate environment, an IT department has the resources to review the programs on which employees rely. But a home PC owner who isn't quite a PC expert may not feel qualified to do this, instead delegating review to a trusted party. This has led to cases of rent-seeking, where a gatekeeper demands payment from each developer to review each app.

    Bruce Schneier explains further

  3. Most Clients Get Infected Looking For Free Movies by zenlessyank · · Score: 5, Informative

    Almost every client that I have had to deal with infected machines were looking for free movies on the web. They lie and say they have no idea, but when I show them their browsing history then they get all stuttery and defensive. I would say it is about 50/50 with porn and regular movies. I haven't seen many infections thru e-mail that actually make it to the machine.

  4. Comparing closeness to a binary state by tepples · · Score: 3, Informative

    Let me explain this usage:

    In prescriptivist theory, comparative words such as "more" or "increasingly" cannot be used with binary state words such as "unique" or "useless". But in practice, when a comparative word is used with a binary state word, the binary state word takes on the meaning of closeness to that state. So "more unique" means "closer to unique", and "increasingly useless" means "increasingly close to useless".