Which antivirus are you using? Are you sure it is reliable? If so, on what do you base your answer? Over the weekend one of Google's top security researchers, our acquaintance Mr. Tavis Ormandy, posted on his blog something that many will not like. His post criticized antivirus certification programs that hand out meaningless awards to flawed security products.
His problem stemmed from the fact that at this year's RSA security conference held in early March, Verizon's ICSA Labs rewarded Comodo with the 2016 Excellence in Information Security Testing Award.
Ironically, in this very case Mr Ormandy had discovered several security holes in Comodo's antivirus products.
The researcher first discovered that Comodo's products (its antivirus and its comprehensive security suites) install a "safe browser" that disables the Same-Origin Policy, a key security feature of web browsers. He also found that Comodo's scanning process does not enable ASLR protection, and that the antivirus generally makes incorrect use of ACLs (access control lists).
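The ASLR finding above is something a defender can verify on any Windows binary: a process only receives ASLR if its image opts in through the DYNAMIC_BASE flag in the PE optional header (with HIGH_ENTROPY_VA, NX_COMPAT and GUARD_CF covering the other common mitigations). The Python below is an added example, not code from the article, from Mr Ormandy or from Comodo; it parses those flags from a file, and the minimal header-only PE it builds is constructed purely for the check.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* flags from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE = 0x0040     # image may be relocated at load time: required for ASLR
NX_COMPAT = 0x0100        # DEP/NX compatible
GUARD_CF = 0x4000         # Control Flow Guard

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Parse PE headers in `data` and report which exploit mitigations are opted in."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                           # optional header follows the COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC) or size_opt < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    (dllchars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dllchars & DYNAMIC_BASE),
        "high_entropy_va": bool(dllchars & HIGH_ENTROPY_VA),
        "nx": bool(dllchars & NX_COMPAT),
        "cfg": bool(dllchars & GUARD_CF),
    }


def check_file(path: str) -> dict:
    """Convenience wrapper: read a binary from disk and report its mitigation flags."""
    with open(path, "rb") as fh:
        return pe_mitigations(fh.read())


def build_min_pe(dllchars: int, pe32plus: bool = True) -> bytes:
    """Constructed, header-only PE image for testing the parser; not a runnable executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE signature right after DOS header
    opt = bytearray(112 if pe32plus else 96)  # optional header sizes without data directories
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchars)
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

A scanner service whose report shows `"aslr": False` is exactly the condition described above; pass any real `.exe` or `.dll` path to `check_file` to audit it.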
Later, he also discovered that one of Comodo's pre-activated tech support tools, bundled with some of the company's security products, used an insecure VNC server with a weakly protected data connection.
The problems do not stop there. Mr Ormandy discovered further bugs that allow an attacker to read the victim's keystrokes merely by having a file scanned.
Given all of the above, it should not be surprising that Mr Ormandy has a problem with Verizon honoring Comodo with an excellence award in the field of information security.
Beyond Comodo itself, Mr. Ormandy also turned to the criteria Verizon used to certify Comodo as meeting high standards of information security.
When Verizon published its award methodology, Mr Ormandy pointed out that it was extremely simplistic.
Most antivirus products can pass the certification requirements, since these describe basic antivirus features, half of which concern the user interface.
Some of the certification "criteria" include:
- "Enable and disable malware detection" (that is, a start/stop button for the scanning process),
- "Retrieve and apply the latest version and signatures over the Internet" (the antivirus should be able to receive updates),
- "On-Demand Detection" (the antivirus, while running, should scan a file that enters the computer),
- "Reports without false positives" (well, ok!).
It should be said that Mr Ormandy's criticism was not only about Verizon's award to Comodo; he also said that antivirus products are, in general, insecure.
"All the big security vendors use ancient codebases without being aware of modern security practices, and hacking is back in 1999," said the researcher.
The researcher seems to be right, and he backs this up with findings on a whole range of security applications. Mr. Ormandy has discovered security issues in products from companies such as Avast, Malwarebytes, Trend Micro, AVG, FireEye, Kaspersky, and ESET.
He did this research without access to the source code, using point-and-click security tools and the basic techniques every security researcher learns.