'Antivirus is getting increasingly useless these days,' wrote Stu Sjouwerman, CEO of KnowBe4, in a blog post. Meanwhile, many experts agree that antivirus software may not do a great job at protecting your computer against today's threats. Hackers get lots of help from careless victims, studies show.Neither the vulnerabilities reported by Mannan nor the Symantec vulnerabilities are known to have been exploited, but that doesn't mean they never have been. "I don't see any clear advantage of using them," he wrote in a followup email, noting that they can slow your machine down and introduce new vulnerabilities. He doesn't use antivirus protection on his primary machines and hasn't for years, he said. However, Mannan recommends that if you use antivirus software, you should choose one that doesn't have the feature or turn it off. Alexandru Balan, chief security researcher for BitDefender, defended his company's encrypted content scanning feature as valuable protection against threats, but said that type of "SSL or TLS filtering" feature needs to be designed and constantly updated in a careful fashion, which he believes his company does. When contacted about Mannan's research, Kaspersky said it was reviewing the research and AVG said it had made precautionary changes to its software. Increasingly, attacks focus on social engineering or phishing that lures users onto compromised websites that can steal information or serve ransomware. "Some of them, they did not even make it secure in any sense." "We were surprised at how bad they were," he said in an interview. 'Surprised at how bad they were'īut Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. In theory, they should make up for it with their own content verification systems. It's not the only instance of security software potentially making your computer less safe.Ĭoncordia University professor Mohammad Mannan and his PhD student Xavier de Carné de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. Symantec said it had verified and addressed the issues in updates that users are advised to install. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. "These vulnerabilities are as bad as it gets. Concordia University professor Mohammad Mannan, who does research on IT security, says he doesn't use antivirus software on his primary machines and hasn't for years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |