Battle Least vulnerable antivirus

[notabot]

Google’s ProjectZero team has found a lot of vulnerabilities in most AVs.
Microsoft made a step in the right direction by adding a sandbox for Defender.

I was wondering, which AV vendors are security conscious with respect to their own products ? There’s little point in trying to further optimize Defender’s good detections & protection if the vendor software introduces new vulnerabilities.

 

[notabot]

In any case the main question is more about AV vendors taking seriously the security of their own products, I don’t agree with security by obscurity but folks are entitled to their views and I’d rather keep the focus on what steps the vendors are taking for the security of their own products.

 

[Deleted member 178]

The least vulnerable AV?


Ummmmmmmm... The one that you don't use?


Itwt

 

[Durew]

I have no solid answers as to what AV is the least vulnerable but this does remind me of the following web page (a bit old):

https://www.av-test.org/en/news/self-protection-for-antivirus-software/

I addition I read somewhere that the more complex an AV is the more likely it is to be exploitable. From this point of view a simple static signature scanner (clamAV?) is the least exploitable option. Least exploitable thus seems in contrast to most effective. Yet another trade off I guess.
Another read you may like:

https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/Whitepaper/bh-eu-08-xue-WP.pdf

It may help in your quest to find the least exploitable AV solution.
As a closing note the often given advice to not use an administrator account by default. With fewer rights it should be a lot harder to exploit anything.

I hope this helps.

Regards,
Durew

 

[ForgottenSeer 58943]

I addition I read somewhere that the more complex an AV is the more likely it is to be exploitable. From this point of view a simple static signature scanner (clamAV?) is the least exploitable option. Least exploitable thus seems in contrast to most effective. Yet another trade off I guess.

The more complex ANYTHING is the more vulnerable/exploitable it is going to be in any industry really. There is something divine about simplistic yet functional creations of all types. German tanks in WWII were incredibly effective 'when' they worked, but incredibly complex and almost always broken in some way. Boxer engines are more complex and hence, generally they are more unreliable.

Some AV's always appear like a mish-mash of different things thrown in resulting in a complex and likely more vulnerable final product, and without a doubt more bloat. The simplicity and elegance isn't there with most products and I feel that's one area in which the industry fails. This is actually why I appreciate the simplicity of some solutions, like Cylance while I detest the increasing convoluted nature of other suites.

I recently reconstructed the entire network infrastructure of my home. A big part of that was simplifying it and making it more elegant. Running shielded 550Mhz Cat6 direct to each device off a central conduit. Moving many wireless devices to wired. Removing multiple switches from the home. This was done precisely to eliminate potential vulnerabilities and failures within the network.

Simplistic elegance is what's missing from the AV industry and nobody seems willing to step up and address that - apparently. I actually miss Nod32 for this reason. Anyone remember the old Nod32 with the tiny modular interface and no bloat?

 

[Deleted member 178]

Simplistic elegance is what's missing from the AV industry and nobody seems willing to step up and address that - apparently.

Avira free or Emsisoft... Simple and effective for average joe not afraid to spend a little.

 

[ForgottenSeer 58943]

Avira free or Emsisoft... Simple and effective for average joe not afraid to spend a little.

I do like how Emsisoft hasn't compromised this with adding this or that and bloating it up. It's much appreciated for sure.

 

[Deleted member 178]

When people ask me what AVs they should use, I always recommend only those two. Average joe doesn't care of uber-settings or this or that awesome modules, they just want efficient set & forget type of AVs.

 

[notabot]

I’ve never used Emsisoft so I can’t have a view. As comparing the list of emsisoft cves to a more widely used AV is pointless:

Architecture wise, why is it less vulnerable, do they eg have a good track record of keeping kernel level code to the minimum possible, following Microsoft’s guidelines, high code quality etc ?

 

[509322]

Architecture wise, why is it less vulnerable, do they eg have a good track record of keeping kernel level code to the minimum possible, following Microsoft’s guidelines, high code quality etc ?

You have to ask each publisher individually. It's pointless to keep asking about it here.