Which antivirus do you use? Are you sure it is reliable? If so, can you support your answer? Over the weekend, one of Google's leading security researchers, the well-known Tavis Ormandy, posted on his blog something that many would not like. His post criticized certification programs for antivirus software that hand out meaningless awards to flawed security products.
The issue stemmed from the fact that at this year's RSA security conference, held in early March, Verizon's ICSA Labs gave Comodo the 2016 Excellence in Information Security Testing Award.
Ironically, however, Mr Ormandy had by then discovered several security holes in Comodo's antivirus products.
The researcher was the first to discover that Comodo's products (antivirus and comprehensive security suites) install their own insecure browser that disables the Same-Origin Policy, a key security feature of web browsers. He also discovered that Comodo's scanning process does not enable ASLR protection, and that the antivirus generally makes incorrect use of ACLs (access control lists).
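The ASLR point above is something a defender can verify on their own endpoint-protection binaries. The following is an added example, not code from the article, from Comodo or from Mr Ormandy: it parses the DllCharacteristics field of a Windows PE header (the flag values and offsets are those documented in the PE/COFF specification) and reports whether the image opts in to ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and, for 64-bit images, high-entropy ASLR. The sample image it checks is a constructed header, not a real executable.

```python
import struct

# DllCharacteristics flag bits from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit high-entropy ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP-compatible
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and
    decode the DllCharacteristics word. Works on raw bytes, so no Windows API needed."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    # NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)  -> 20 bytes
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ optional header
    if size_opt < 72:
        raise ValueError("optional header too short")
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "high_entropy_va": bool(dllchar & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "dll_characteristics": dllchar,
    }


def findings(result: dict) -> list:
    """Turn the parsed flags into audit findings; high-entropy VA only matters for PE32+."""
    out = []
    if not result["aslr"]:
        out.append("ASLR (DYNAMIC_BASE) not set")
    if not result["dep"]:
        out.append("DEP (NX_COMPAT) not set")
    if result["pe32plus"] and not result["high_entropy_va"]:
        out.append("HIGH_ENTROPY_VA not set on 64-bit image")
    return out


def build_sample_image(dllchar: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header for offline testing. It is NOT a loadable
    executable; it only has the fields pe_mitigations() reads."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, size_opt, 0x0022)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def audit_file(path: str) -> list:
    """Convenience wrapper for a real binary on disk (e.g. an AV scanner executable)."""
    with open(path, "rb") as f:
        return findings(pe_mitigations(f.read(4096)))


if __name__ == "__main__":
    hardened = build_sample_image(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                                  | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                                  | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)
    weak = build_sample_image(IMAGE_DLLCHARACTERISTICS_NX_COMPAT, pe32plus=False)
    print("hardened sample:", findings(pe_mitigations(hardened)) or "no findings")
    print("weak sample:", findings(pe_mitigations(weak)))
```

Only the first 4 KiB of a file are read, which covers the headers of any normally linked image; a scanner that never sets DYNAMIC_BASE will show up as "ASLR (DYNAMIC_BASE) not set", which is exactly the condition the article attributes to Comodo's scanning process.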
Comodo runs VNC on each computer and the code is:
Later, he also discovered that one of the tools in Comodo's tech-support feature, which is enabled by default in some of the company's security products, used an insecure VNC server with weak credentials.
The issues do not stop there. Mr Ormandy also discovered bugs that allow an attacker to see the victim's keystrokes merely by having a file scanned.
So, given the above, it should not be surprising that Mr Ormandy takes issue with Verizon honoring Comodo with an excellence award in the field of information security.
Beyond Comodo itself, Mr Ormandy also questioned the criteria Verizon used to certify Comodo as meeting high standards of information security.
When Verizon published its award methodology, Mr Ormandy pointed out that it was extremely simplistic.
Most antivirus products can pass the certification requirements, since these merely describe basic antivirus features, half of which concern the user interface.
Some of the certification "criteria" include:
- "Enable and disable malware detection" (a simple start/stop button for the scanning process),
- "Recovery and application of the latest version and signatures over the Internet" (the antivirus should be able to receive updates),
- "On-Demand Detection" (the antivirus, while running, should scan a file that enters the computer),
- and "Reports without false positives" (well, ok!).
Here we should mention that Mr Ormandy's criticism was not just about Verizon's award to Comodo; he also said that antivirus products are, in general, insecure.
"All the big security vendors use ancient codebases without being aware of modern security practices, and hacking is back in 1999," said the researcher.
The researcher seems to be right, and he backs this up with findings across a range of security applications. Mr Ormandy has discovered security issues in products from companies such as Avast, Malwarebytes, Trend Micro, AVG, FireEye, Kaspersky, and ESET.
He did his research without access to the source code, using point-and-click security tools and the basic techniques every security researcher learns.