
Antivirus Software Isn't Very Secure, Researchers Find

Source: Tom's Guide US

Credit: wk1003mike

Antivirus software is often just as insecure as the software it's meant to protect — and running it might make you even more insecure, according to a researcher with Singapore-based security firm Coseinc.

At the SyScan 360 security conference in Beijing earlier this month, Joxean Koret claimed to have found flaws in the antivirus engines at the heart of many major antivirus software products, including those made by Avast, Bitdefender, Avira, AVG, Comodo, ClamAV, DrWeb, ESET, F-Prot, F-Secure, Panda and eScan. Koret also documented several ways that antivirus software could allegedly be compromised or manipulated, turning what should be a wall into a door.


Koret's presentation, the slides from which are available online as a PDF, began by pointing out that every newly installed program on a computer makes that computer just a little more vulnerable, because it increases the attack surface: it creates that many more connections that can be hacked or otherwise exploited.

The next problem is that antivirus programs often install with high administrator privileges, which lets them perform necessary actions such as scanning the entire computer and modifying or removing malicious programs. However, if an antivirus program were compromised, it would have extensive power to abuse the computer on which it was installed.

Koret said antivirus programs are just as likely to have flaws, even serious zero-day flaws, as any other program, simply because a human being wrote them. For example, most antivirus programs update themselves via insecure HTTP connections, and most of those updates are not cryptographically verified, Koret said.

Koret argues that it would be easy for would-be attackers to stage a man-in-the-middle attack by intercepting an antivirus program's HTTP connection, inserting themselves between the update server and the antivirus software's client machines and thereby gaining access to the antivirus programs on home and business PCs. 
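The missing check Koret describes, shown from the client's side as an added example (not code from Koret's slides or from any vendor): the updater refuses plain HTTP, verifies an Ed25519 signature over an update manifest against a pinned public key, and only then compares the downloaded package to the signed digest. The `Manifest` layout, the function names, the fixed-seed key and the `updates.example.invalid` URL are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor: package location plus digest.
type Manifest struct {
	PackageURL string
	SHA256     [32]byte
}

func NewManifest(u string, pkg []byte) Manifest { return Manifest{PackageURL: u, SHA256: sha256.Sum256(pkg)} }

// signedBytes is the exact byte string the vendor signs and the client verifies.
func (m Manifest) signedBytes() []byte { return append([]byte(m.PackageURL+"\n"), m.SHA256[:]...) }

// Constructed key: a fixed seed stands in for the vendor's offline signing key.
func vendorKey() ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
}
func pinnedKey() ed25519.PublicKey   { return vendorKey().Public().(ed25519.PublicKey) }
func SignManifest(m Manifest) []byte { return ed25519.Sign(vendorKey(), m.signedBytes()) }

// VerifyUpdate returns nil only when transport, signature and digest all check out.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, pkg []byte) error {
	if u, err := url.Parse(m.PackageURL); err != nil || u.Scheme != "https" {
		return errors.New("update URL is not HTTPS")
	}
	if !ed25519.Verify(pinned, m.signedBytes(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(pkg) != m.SHA256 {
		return errors.New("package digest does not match signed manifest")
	}
	return nil
}

func main() {
	pkg := []byte("definitions v2 (constructed sample)")
	m := NewManifest("https://updates.example.invalid/defs.bin", pkg)
	sig := SignManifest(m)
	fmt.Println("genuine: ", VerifyUpdate(pinnedKey(), m, sig, pkg))
	fmt.Println("tampered:", VerifyUpdate(pinnedKey(), m, sig, []byte("altered in transit")))
}
```

Because the digest is covered by the signature, a package altered in transit fails the last check even if the transport itself is compromised; in a real updater only the public key ships with the client.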

Koret said he had identified bugs in 17 major antivirus programs. Some companies, such as Avast and ESET, had already patched their software by the time of Koret's presentation, but others allegedly had not.

How concerned should regular computer users be about Koret's findings? Not too concerned, said Andreas Marx, CEO of independent antivirus-testing firm AV-TEST in Magdeburg, Germany.

"Insecure code might put the user at risk, as demonstrated in the presentation. However, at the moment, such attacks are more research-oriented (proof of concept) or might be used for targeted attacks," Marx told Tom's Guide. "I'm not aware of a recent widespread virus or other malware which exploited a vulnerability in AV software."

Because there are so many different antivirus programs, none has a commanding share of the market, Marx observed. So why target a single antivirus program when nearly every computer in the world uses other vulnerable products such as Java, Adobe Reader or Adobe Flash Player? 

"With Java, or Adobe Reader, or Flash, you have good targets — if you find a vulnerability, you know that millions of PCs are affected," Marx said. "There are a lot more antivirus products on the market, so you won't easily reach a high infection rate if you exploit a security vulnerability there."

Jill Scharr is a staff writer for Tom's Guide. You can follow her on Twitter @JillScharr and on Google+.

  • -3
    hotwire_downunder , July 28, 2014 4:54 PM
    What a pile of garbage! This fellow is taking factual data that everyone in the Security Industry already knows, takes a totally single-sided, sensationalized view and presents it like it's the gospel!

    His research and test samples are of a very small subset. If I didn't know better I would believe this garbage and put myself at risk. Very irresponsible journalism.

    There are good Malware Products and Bad ones just like any other product we use. That's what the test Labs and Reports are for.
  • 2
    f-14 , July 28, 2014 6:08 PM
    anti virus only protects from known threats and only if those threats don't run around with a ski/anonymous mask over their programming, so to speak.
  • 5
    Ephebus , July 28, 2014 6:25 PM
    Nothing new here, but the number of morons who trust these pieces of crap is astounding.
  • -3
    sykozis , July 28, 2014 6:47 PM
    I find this "research" laughable.....
  • 2
    beayn , July 28, 2014 8:59 PM
    This just in... humans write shitty insecure code...
  • 1
    FloKid , July 28, 2014 10:26 PM
    Why are they always after my cookie jar bits?
  • -1
    Haravikk , July 29, 2014 1:40 AM
    Quote:
    anti virus only protects from known threats

    Bollocks, many major antivirus programs now have behavioural threat detection which looks for suspicious program behaviour, not simply signature. Signature-based scanning has been of dubious effectiveness for years, and while it's still a good way to efficiently block known threats, behavioural scanning is what protects you against new ones.


    I agree with hotwire_downunder that this research is very sensationalist, though it does have some useful findings; most important is the continuing reliance by anti-virus software on administrator level privileges. We need better operating system support for anti-virus, and by extension anti-virus programs that don't need lofty privileges in order to function; all they really need is the ability to signal to the OS that a program or file may be infected so that it can restrict it, at which point a user can provide administrator support to fix/remove it, the program shouldn't need that kind of access all the time.