Duotone

Level 10
Verified
Is your antivirus protecting your computer or making it more hackable?

Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches.

This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities.


Concordia University professor Mohammad Mannan, who does research on IT security, says he doesn't use antivirus software on his primary machines and hasn't for years. (David Ward)

"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install.

It's not the only instance of security software potentially making your computer less safe.

Concordia University professor Mohammad Mannan and his PhD student Xavier de Carné de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems.

Read more: Could antivirus software make your computer less safe?
 

Exterminator

Community Manager
Verified
Staff member
Maybe true but I feel better using the ones that have kept me virus free for years. It is obviously true that hackers are getting smarter and better by the day but I also agree that something is better than nothing and still worth having.
Keeping informed and using safe habits goes a long way also and thinking that just because you have an Antivirus/Security Suite installed that you are safe is not true.
However nothing is 100%. If you wear your seat belt and believe that you can never be killed in an accident, that is also a false sense of security. Wearing it though minimizes your chances and remaining alert, using good judgement and caution is just as important.
Very good article that everyone should read!!
 

pablozi

Level 22
Verified
Trusted
Then the good professor should come to everyone's house to disinfect their systems after following his advice...

but, true it is, security softs are a pain in da... one way or another.
But why? I use different pieces of software and haven't seen any of them in action so the professor is absolutely right. Common sense + up to date software is the key to success. The other thing is that it all depends on people's habits and if someone is turning the protection off to run the crack then there is no software in this world which could keep him safe.
 

N8WARE

Level 1
Of course there is no 100% protection and I always use the rule that says:

antivirus provides 50%
the security knowledge of the user 40%
the 10% is your security knowledge updates
 

hjlbx

pablozi said:
> But why? I use different pieces of software and haven't seen any of them in action so the professor is absolutely right. Common sense + up to date software is the key to success. The other thing is that it all depends on people's habits and if someone is turning the protection off to run the crack then there is no software in this world which could keep him safe.

You hit the key note - typical user habits. Typical user is better off with at least something as opposed to nothing. At least Windows Defender.

Even I've been smacked by a drive-by download or two... typical user will have nuclear melt-down if it happened to them. Call Obama and file a complaint...
 

jamescv7

Level 61
Verified
Trusted
Relying too much on the traditional approach of an antivirus will pose a risk; users must be supervised to engage in hardening the protection base by using HIPS, Anti-Exe or IDS to understand the flow of detection.

Well, we have no choice but to report through developers, since an AV's self-protection must be based on numerous vulnerability patterns, so no report feedback, then lesser improvements.
 

simbelmayne

Level 3
I can't believe that the anti-virus can make things really worse than they were before its installation. I mean the real anti-virus, not the fake one. What vulnerabilities can cause such an effect? I will appreciate it if someone tells me that.
 

jogs

Level 18
Verified
For common users AVs are sufficient, they can handle most of the problems. But for companies AVs alone cannot provide wholesome protection as they are more susceptible to targeted attacks.
 

jamescv7

Level 61
Verified
Trusted
simbelmayne said:
> I can't believe that the anti-virus can make things really worse than they were before its installation. I mean the real anti-virus, not the fake one. What vulnerabilities can cause such an effect? I will appreciate it if someone tells me that.

One of the primary problems for an AV is the manipulation of their connected files, which may result in disruption of operation, hence the program is killed.

Manipulation in the sense where an experienced user can access the critical source code of the security program without any warning.

Good thing nowadays is that a full-blown Anti-EXE or HIPS will monitor those tricky attacks.
 

BoraMurdar

Community Manager
Verified
Staff member
Don't be click happy and you probably won't be infected. Common sense and proper education on prevention is essential.
Windows Defender comes as basic antivirus software and I'm sure it will catch 99,99% of the malware a regular computer and internet user encounters.
Someone will always ask "Aha! And what about zeroday malware?"
You will encounter a true zeroday malware (correction again in 99,99999%,) only if you search for one.
Keep your OS updated, your browser and plugins updated, your AV updated, read some news about new exploits and security breaches to increase your awareness and you are good to go. Infections nowadays are like:

  • (Malware) - Hey want to jump into this chasm?
  • (You) - Hmmm, dunno, do I know you?
  • (Your AV) - I am not sure but I think you shouldn't jump, you are seeing this man for the first time in your life
  • (Your brain) - JUMP! you see his name is adobeflashplayer2016.exe , SEEMS LEGIT TO ME!
  • (You) - OK, here we goooooooooooooooooooooo.................
  • (Windows Account Control and Smart Screen) - Don't worry, we will catch you!
  • (You) - Go away you boring and irritating security features! (clicks "yes I trust this app")




  • hey, this is not what I was told............. AV, youuuu faileeeeed meeeeeeee
  • (Your AV) - [image: iWKad22.jpg]
 

simbelmayne

Level 3
I understood, @jamescv7, but it must be a really dumb user to manipulate the program files... For what? Just for fun? Oh here's a folder, and some weird folders and files in there, hmm, it's interesting, I will open them in notepad and type "Jimmy was here". I admit that it might happen, but in 99% of cases only a child can do such things. And if you know that a child uses your machine - just put a password on the important folders. ez!

And @BoraMurdar, you know that you're right, but there are different cases. Imagine that you want some program, and you want it really bad. You are on a new machine, and you need Word or Excel, or AV-tool, or whatever. You found the needed program (in a torrent, of course) and you see that there is the setup.exe file, you can't see what's there. No, it's a trap, you search further, find some other suspicious things and finally there it is. Program seems good, but during the installation you see the window with "I agree to install MegaTrash browser, SuperJunk Antivirus and Useless Media Player". Checkboxes are already filled, and you can't remove them, just abort the installation. It's natural to say ok, I will remove that later, and proceed. For some people, not for me, I use Unchecky for such things =)
 

hjlbx

AV only makes matters worse if malc0ders target the vulnerabilities in the AV.

The likelihood that the vast majority of malc0ders will spend any significant amount of time trying to locate vulnerabilities in AVs is almost next to zilch (0). The level of expertise, time and effort required is at a high level. Most malc0ders are too busy buying\pumping-out and collecting earnings from run-of-the-mill malware.

If every single soft was targeted with serious effort, then there is little - if anything - any of us could do to protect our systems and data... except to stay off all digital devices.

You are better off with an AV than without it. An AV with a vulnerability will still block malicious files (if there is a signature for it) and many malicious actions.

Vulnerability ≠ completely incapable of protecting your system.

Vulnerability = screwed under a specific set of circumstances (targeting malware executed)
 

simbelmayne

Level 3
I totally agree with your statement, we talk only about common viruses, which are like the vampires - they need an invitation to come in. The targeted attack on someone's PC is a really rare thing, and if it happens - either you're an ordinary guy who pissed off the hacker, or you have lots of interesting stuff on your PC and must protect it in all possible ways.
 

hjlbx

simbelmayne said:
> I totally agree with your statement, we talk only about common viruses, which are like the vampires - they need an invitation to come in. The targeted attack on someone's PC is a really rare thing, and if it happens - either you're an ordinary guy who pissed off the hacker, or you have lots of interesting stuff on your PC and must protect it in all possible ways.

Malc0der just needs to publish malware that targets the vulnerability in an AV.

All that is required is for that targeting malware to get onto the system and execute; getting the malware onto a user's system can be achieved by any of a number of means.

There is no need to hack a user's system to get the malware onto the system and for the attack to succeed.
 

BoraMurdar

Community Manager
Verified
Staff member
simbelmayne said:
> And @BoraMurdar, you know that you're right, but there are different cases. Imagine that you want some program, and you want it really bad. You are on a new machine, and you need Word or Excel, or AV-tool, or whatever. You found the needed program (in a torrent, of course) and you see that there is the setup.exe file, you can't see what's there. No, it's a trap, you search further, find some other suspicious things and finally there it is. Program seems good, but during the installation you see the window with "I agree to install MegaTrash browser, SuperJunk Antivirus and Useless Media Player". Checkboxes are already filled, and you can't remove them, just abort the installation. It's natural to say ok, I will remove that later, and proceed. For some people, not for me, I use Unchecky for such things =)

Just always download from a trusted source. Some free software is bundled with adware, unneeded software, toolbars etc. Just carefully read and opt out of it. I know, some are really hard to spot, but for regular software, there should always be an option to disable installing those unneeded things. If there's no such option, then the whole installer is usually marked as PUP.
 

jamescv7

Level 61
Verified
Trusted
@simbelmayne: Manipulation is not only about simple techniques but rather some custom tools that can execute operations where AVs do not recognize any self-protection threat.

Any AV, as long as the crucial processes run on the system, will block any common manipulations.
 