Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Good is Antivirus Software at Protecting Itself? (tomsguide.com)

Posted by msmash on from the a-look-at-the-gatekeepers dept.

An anonymous reader writes: Earlier this week, AV-TEST evaluated 19 security suites and found that only three of them seemed to be well protected from savvy potential hackers. First, some context about the tests: The first test measured how well each program uses address space layout randomization (ASLR) and data execution prevention (DEP). Briefly, ASLR randomizes a computer's memory allocation, making it harder for an attacker to target a particular process in a program; DEP is a Windows protocol that designates some memory as non-executable space (other operating systems do this under different names), making it harder (or impossible) for unauthorized programs to run in that space. The second test measured whether the AV programs digitally signed their software-update files. Signing is a way of determining a file's origin and authenticity; unsigned files could be more easily substituted with malicious ones. The final test was the simplest, and determined whether an AV manufacturers delivered its software updates via the encrypted HTTPS web protocol. Lack of encryption makes it easy for an attacker to stage a man-in-the-middle attack by intercepting the data transmission, altering the data and then sending the data back on its way. Of the 19 programs tested, only three succeeded on all counts: Bitdefender Internet Security 2017, ESET Internet Security 10 and Kaspersky Internet Security 17.0. It's difficult to rank the rest of the programs, as each one succeeded and failed to varying degrees.

4 of 73 comments (clear)

  1. Virus called Microsoft by Anonymous Coward · · Score: 2, Funny

    Except it doesn't protect you from Microsoft viruses

  2. Windows Defender is NOT included in the test by williamyf · · Score: 3, Interesting

    That's strange. That is the solution that is in the box for the foreseable future.

    Is updated the same way the rest of the OS is updated... Say what you want about forced updates and restarts, but if you do not trust the update mechanism (signeage of files + Method of delivery) of the OS itself, no ammount of 3rd party AV will do you any good.

    I wonder how it stacks up on ASLR and DEP... but anyhow, I usae a Mac with BootCamp, so no big dealio

    --
    *** Suerte a todos y Feliz dia!
  3. I'm no fan of anti-virus software... by Balial · · Score: 2

    ... but rating them on their use of ASLR is worse than the problem:

    https://forums.grsecurity.net/...

    Find someone who's done some real security analysis, don't see if they bought the snake oil.

  4. AV is very good at this by WillAffleckUW · · Score: 2

    For more information, click on This Google Doc that explains how.

    --
    -- Tigger warning: This post may contain tiggers! --