Slashdot Mirror
Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca)
Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."
Is like having a guy with peanut allergies pushing Planters products.
After a recent debacle where Symantec apparently didn't get the proof-of-concept exploit sent to them by a security researcher because the mail filter automatically opened the document and crashed, I friend of mine joked that antivirus software was actually a tool to "automatically click on attachments for you".
TCP: Why the Internet is full of SYN.
ok look, i do some malware analysis.
the thing is, 99% of the malware you run into is run-of-the-mill stuff.
to paraphrase someone who was talking about EMET:
not running AV because some researcher are doing next-level shit is like not wearing your seatbelt because a sniper might get you.
Tavis Ormandy has uncovered a shit-ton of serious vulnerabilities in some big name AV / Endpoint Protection products. Great! Those will get fixed and life goes on. There are also some AV suites that taviso has NOT found bit problems in.
keep in mind also that some other big names in "next level" endpoint protection and security services who monetarily gain from pushing the idea that "endpoint security is dead".
I think installing an adblocker in your webbrowser is probably the best antivirus available today.
Antivirus software that detects apps known to be harmful is a form of blacklisting. But as a general rule, blacklisting is considered less secure than whitelisting. An antivirus using whitelisting, such as PC Matic, allows only known good apps to run.
The obvious problem with this approach is who defines the set of known good programs. In a corporate environment, an IT department has the resources to review the programs on which employees rely. But a home PC owner who isn't quite a PC expert may not feel qualified to do this, instead delegating review to a trusted party. This has led to cases of rent-seeking, where a gatekeeper demands payment from each developer to review each app.
Bruce Schneier explains further
Almost every client that I have had to deal with infected machines were looking for free movies on the web. They lie and say they have no idea, but when I show them their browsing history then they get all stuttery and defensive. I would say it is about 50/50 with porn and regular movies. I haven't seen many infections thru e-mail that actually make it to the machine.
Saying that Antivirus Software is useless and using Symantec as an example is like saying that editors are useless and using /. editors as examples.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Comment removed based on user account deletion
Yes, I use windows antivirus and have never had any problems.
love is just extroverted narcissism
Let me explain this usage:
In prescriptivist theory, comparative words such as "more" or "increasingly" cannot be used with binary state words such as "unique" or "useless". But in practice, when a comparative word is used with a binary state word, the binary state word takes on the meaning of closeness to that state. So "more unique" means "closer to unique", and "increasingly useless" means "increasingly close to useless".
Privilege separation and sandboxing are well-tested mitigation techniques that allow OpenBSD to assert "Only two remote holes in the default install, in a heck of a long time!" - this security record is far, far superior to the Windows OS and the virus scanners that run atop it.
What Microsoft still fails to grasp, even after Gates' force majeur with the XP-SP2 security redesign, is that all applications should default to a strong sandbox. When a developer pushes code outside the sandbox, it should trigger more aggressive audits prior to listing in the Windows store, and user warnings of increasing severity upon installation.
The pertinent question for developers and administrators, especially with regards to network-facing services, is "how strong can we build the cage, and how little can we let out?" Until OS-designers build from this focus, the security tsunami will continue.