Most laymen generally employ antivirus and anti-malware software suites to afford them protection against hackers, phishing, and other cyberthreats; and most organizations have a standard security system and protocol for all their computers. But recently, a researcher at global security firm COSEINC, released stunning reports that many common antivirus programs actually have fatal flaws which make the computers they’re installed on even more vulnerable.
The researcher, Joxean Koret, spent approximately a year analyzing antivirus engines and software, and presented his findings at a security conference: that there were roughly 14 high-risk programs, some of which had dozens of security flaws.
The takeaway point? That dedicated hackers could exploit antivirus products as easily as they could exploit other client-side programs. And they’d often use an antivirus program’s system privileges to break their way into a machine.
Often, users allow their antivirus protection programs to operate with the highest possible security clearance on a machine, and the most privileges. So, hackers would use this understanding to leverage their way in. For example, when undergoing updates, most antivirus software gets downloads from the brand’s site; but rarely would brands utilize an HTTPS web connection to download them. So, attackers could slide their own malware into data to execute during that action.
In his talk, the researcher disclosed the names of the biggest offenders, some of which included popular antivirus protection options; and he also went on to say that safer programming languages might also help address many of the safety concerns that he’d found. Many such programs are written in C and C++, which are relatively commonly known in the computing world and easily coded for.
Independently, other security researchers interested in the same subject found similar result even in premium security software: Symantec. And given the recent debacle where Symantec’s organizational protection for the New York Times failed to catch more than 40 instances of malware planted by Chinese hackers, it’s hardly surprising!
Vulnerability researchers continue to say that antivirus software still has a place, and that the protections they provide generally outweigh their potential risks; but caution that users should do their due diligence and properly research which antivirus to install, opting for better, more secure programs.
But how do you find out what those more secure programs are?
Look to an Independent Testing Organization
Want to find the most effective antivirus platform out there? Then look at the ratings published by independent third parties. These organizations test antivirus suites against the latest bugs, and publish the results online so that customers can make informed decisions. Fortunately, many top-tier products have roughly similar scores, so that you have options to pick from even among the most effective tools.
Free or Paid?
Some antivirus software is free, and others are paid. But more goes into the final decision: often, you can find free antivirus options which provide just as much protection as a commercial version … but the commercial versions are generally more user-friendly, and provide bonus features and functions, such as anti-theft modules.
Always Use Antivirus Alongside Common Sense Security
You, the user, are the first line of defense in the cybersecurity war. So, for the best results, always use common sense regarding security issues. Avoid downloading unnecessary programs, and avoid spending time on disreputable-looking sites.
The news that some antivirus programs have flaws, as Koret found, might be surprising to laymen: but for most security analysts, it was expected! No system can offer 100% protection … in part because the methods of modern hackers are always changing. But users who do their due diligence can help reduce the risks they face.
Always stay up to date on current cybersecurity news, and be aware of the most common internet scams and phishing attempts; and when you install antivirus software, ensure you run its scans regularly.
