Battle: Least vulnerable antivirus

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
Google’s ProjectZero team has found a lot of vulnerabilities in most AVs.
Microsoft made a step in the right direction by adding a sandbox for Defender.

I was wondering, which AV vendors are security conscious with respect to their own products? There’s little point in trying to further optimize Defender’s good detections & protection if the vendor software introduces new vulnerabilities.
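The Defender sandbox mentioned above can be switched on and verified from PowerShell. This is an added example, not something posted in the thread: it relies on the machine-wide environment variable MP_FORCE_USE_SANDBOX that Microsoft documented in its October 2018 announcement of the feature, and on the sandboxed worker appearing as the process MsMpEngCP.exe next to the MsMpEng.exe service. It assumes Windows 10 version 1703 or later, Defender as the active AV, and an elevated shell; Test-DefenderSandbox is a helper name chosen here.

```powershell
# Added example (not from the thread). Enables the Windows Defender Antivirus
# sandbox via the machine-wide environment variable Microsoft documented in its
# October 2018 announcement, then checks for the sandboxed content process.
# Assumptions: Windows 10 1703 or later, Defender is the active AV, and the
# shell is elevated (a machine-level environment variable requires it).

#Requires -RunAsAdministrator

# 1. Ask the platform to run the engine's content-handling worker in a sandbox.
[Environment]::SetEnvironmentVariable('MP_FORCE_USE_SANDBOX', '1', 'Machine')

Write-Host 'MP_FORCE_USE_SANDBOX set machine-wide. Reboot so the antimalware'
Write-Host 'service (MsMpEng.exe) picks it up.'

# 2. After the reboot, confirm the split actually happened.
#    MsMpEngCP.exe (CP = content process) is the low-privilege worker that
#    parses untrusted content; MsMpEng.exe stays as the privileged broker.
function Test-DefenderSandbox {
    $engine = Get-Process -Name 'MsMpEng'   -ErrorAction SilentlyContinue
    $cp     = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue
    $flag   = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

    [pscustomobject]@{
        EnvVarSet             = ($flag -eq '1')
        EngineRunning         = [bool]$engine
        ContentProcessRunning = [bool]$cp
        # Sandbox is only effective once the worker process exists alongside
        # the broker; the flag alone (before reboot) proves nothing.
        Sandboxed             = ([bool]$engine -and [bool]$cp)
    }
}

Test-DefenderSandbox | Format-List
```

Run the script once to set the variable, reboot, then call Test-DefenderSandbox again: Sandboxed should read True. If ContentProcessRunning stays False after the reboot, the engine is still doing all parsing at SYSTEM, which is exactly the exposure the thread is worried about.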
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
In any case, the main question is more about AV vendors taking the security of their own products seriously. I don’t agree with security by obscurity, but folks are entitled to their views, and I’d rather keep the focus on what steps the vendors are taking for the security of their own products.
 

Durew

Level 1
Verified
Aug 1, 2017
17
I have no solid answers as to what AV is the least vulnerable but this does remind me of the following web page (a bit old):
https://www.av-test.org/en/news/self-protection-for-antivirus-software/
In addition, I read somewhere that the more complex an AV is, the more likely it is to be exploitable. From this point of view a simple static signature scanner (ClamAV?) is the least exploitable option. Least exploitable thus seems to be in contrast with most effective. Yet another trade-off, I guess.
Another read you may like:
https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/Whitepaper/bh-eu-08-xue-WP.pdf
It may help in your quest to find the least exploitable AV solution.
As a closing note, there is the often-given advice not to use an administrator account by default. With fewer rights it should be a lot harder to exploit anything.

I hope this helps.

Regards,
Durew
 

ForgottenSeer 58943

In addition, I read somewhere that the more complex an AV is, the more likely it is to be exploitable. From this point of view a simple static signature scanner (ClamAV?) is the least exploitable option. Least exploitable thus seems to be in contrast with most effective. Yet another trade-off, I guess.

The more complex ANYTHING is, the more vulnerable/exploitable it is going to be, in any industry really. There is something divine about simplistic yet functional creations of all types. German tanks in WWII were incredibly effective 'when' they worked, but incredibly complex and almost always broken in some way. Boxer engines are more complex and hence, generally, they are more unreliable.

Some AVs always appear like a mish-mash of different things thrown in, resulting in a complex and likely more vulnerable final product, and without a doubt more bloat. The simplicity and elegance isn't there with most products, and I feel that's one area in which the industry fails. This is actually why I appreciate the simplicity of some solutions, like Cylance, while I detest the increasingly convoluted nature of other suites.

I recently reconstructed the entire network infrastructure of my home. A big part of that was simplifying it and making it more elegant: running shielded 550 MHz Cat6 direct to each device off a central conduit, moving many wireless devices to wired, removing multiple switches from the home. This was done precisely to eliminate potential vulnerabilities and failures within the network.

Simplistic elegance is what's missing from the AV industry, and nobody seems willing to step up and address that, apparently. I actually miss NOD32 for this reason. Anyone remember the old NOD32 with the tiny modular interface and no bloat?
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
I’ve never used Emsisoft, so I can’t have a view. Since comparing the list of Emsisoft CVEs to that of a more widely used AV is pointless:

Architecture-wise, why is it less vulnerable? Do they, e.g., have a good track record of keeping kernel-level code to the minimum possible, following Microsoft’s guidelines, high code quality, etc.?
 
