Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe

Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."

Adblock

I think installing an adblocker in your webbrowser is probably the best antivirus available today.

Re:Adblock

For people that don't open attachments, and are more resistant to Trojans, malvertising is probably the top infection vector there is.

I did a test on this a few years back. VM #1 running XP hasn't been patched, other than the browser (Firefox), and doesn't have any AV on it. VM #2 was patched all the way with Windows and all applications and add-ons (Flash, Acrobat, etc.) has all AV stuff, but no ad blocking.

I used VM #1 for dedicated web browsing for a long while, and when I shut it down, mounted the virtual drive, scanned it as well as used Autoruns to look at the registry, it was clean. VM #2, which was used for browsing a few mainstream social media sites was nailed in less than ten minutes with pop-up scareware ads, then software using a third party add-on exploit.

Moral of the story: I can go without AV and have a clean system. AV doesn't do anything against malvertising, and with the advent of sites using Flash + EME to protect their content, AV only adds complexity, expands the attack surface, and does nothing.

Most Clients Get Infected Looking For Free Movies

[zenlessyank]

Almost every client that I have had to deal with infected machines were looking for free movies on the web. They lie and say they have no idea, but when I show them their browsing history then they get all stuttery and defensive. I would say it is about 50/50 with porn and regular movies. I haven't seen many infections thru e-mail that actually make it to the machine.

Now, that's unfair

[Opportunist]

Saying that Antivirus Software is useless and using Symantec as an example is like saying that editors are useless and using /. editors as examples.

Re:that hyperbole though

[EndlessNameless]

not running AV because some researcher are doing next-level shit is like not wearing your seatbelt because a sniper might get you

To extend your analogy, we are now driving at speeds that render the seatbelt inadequate. While it may still be wise to buckle up, we need a better seatbelt design, a supplementary measure, or a replacement.

Right now, we have IDS/IPS applications and ad/script blocking as reasonably good supplements. But even that isn't enough anymore---just as adding an air bag isn't enough to make a car safe at racetrack speeds.

There are suitable solutions for enterprise where the budget and administrative skills can support it, but there is really nothing for home users.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:that hyperbole though

[swillden]

the thing is, 99% of the malware you run into is run-of-the-mill stuff.

Which Windows' built-in antivirus protection will stop.

not running AV because some researcher are doing next-level shit is like not wearing your seatbelt because a sniper might get you.

Nonsense. There's nothing "next level" about this. What Tavis found is that running vulnerable A/V software adds a large and easily-exploitable attack surface to your system. The fact that most current-generation malware isn't exploiting these bugs yet doesn't mean they won't, soon.

Tavis Ormandy has uncovered a shit-ton of serious vulnerabilities in some big name AV / Endpoint Protection products. Great! Those will get fixed and life goes on.

And how many more will be added? A/V software adds attack surface to your system, running at high priority. That's bad. In the past it was a net win because the base OS did nothing to protect against malware, but that's no longer the case. Does Symantec actually provide additional protection over Windows Defender? If so, how do you balance that against the additional risk it adds?