Batu69 Posted July 8, 2016

How to protect your data and devices in the post-antivirus age

Is your antivirus protecting your computer or making it more hackable?

Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches.

This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities.

"These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post.

Symantec said it had verified and addressed the issues in updates that users are advised to install.

It's not the only instance of security software potentially making your computer less safe.
Concordia University professor Mohammad Mannan and his PhD student Xavier de Carné de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems.

'Surprised at how bad they were'

But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job.

"We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."

When contacted about Mannan's research, Kaspersky said it was reviewing the research and AVG said it had made precautionary changes to its software.

Alexandru Balan, chief security researcher for BitDefender, defended his company's encrypted content scanning feature as valuable protection against threats, but said that type of "SSL or TLS filtering" feature needs to be designed and constantly updated in a careful fashion, which he believes his company does.

However, Mannan recommends that if you use antivirus software, you should choose one that doesn't have the feature or turn it off.

He doesn't use antivirus protection on his primary machines and hasn't for years, he said.

"I don't see any clear advantage of using them," he wrote in a followup email, noting that they can slow your machine down and introduce new vulnerabilities.

Neither the vulnerabilities reported by Mannan nor the Symantec vulnerabilities are known to have been exploited, but that doesn't mean they never have been.
Meanwhile, many experts agree that antivirus software may not do a great job at protecting your computer against today's threats.

"Antivirus is getting increasingly useless these days," wrote Stu Sjouwerman, CEO of KnowBe4, which trains employees of other companies to be smarter about internet security, in a blog post this week.

When asked to elaborate in an interview, he said, "The bad guys … basically have gone smart and they say, 'We're not going to try and circumvent antivirus. We're just going to attack organizations at the weakest link in IT security, which is the user.'"

Increasingly, attacks focus on social engineering or phishing that lures users onto compromised websites that can steal information or serve ransomware. Those websites are so short-lived that antivirus software often doesn't update fast enough to recognize them, Sjouwerman added.

Still worth it?

J. Paul Haynes, CEO of Cambridge, Ont.-based cybersecurity firm eSentire, said that while antivirus software used to protect against 80 to 90 per cent of threats, it's now thought to protect against less than 10 per cent because of the cybercriminal tactics cited by Sjouwerman.

"It gets a little worse every day, every week, every month," Haynes said.

But both Sjouwerman and Haynes suggest that even a small level of protection offered by antivirus software may still be worth the price for corporations.

"This is the easiest and cheapest stuff to stop," Haynes said.

However, they both warned against having a false sense of security if you have an antivirus installed.

For the consumer, Haynes said, "ransomware is probably the thing that people have to worry about." Ransomware typically encrypts your files and demands a ransom of several hundred or thousand dollars to restore access.
And because those compromised websites are so short-lived, "it wouldn't matter how good your antivirus is," Haynes said, you'd still be vulnerable.

Tips for protecting yourself

So what can you do to protect yourself in the post-antivirus age? Mannan, Haynes and Sjouwerman all have similar recommendations:

Back up everything regularly. You can back up photos and non-sensitive files to the cloud. But you should also keep a backup on an external hard drive that is not physically connected to your computer (otherwise it can be compromised in a ransomware attack). That way, if you get attacked by ransomware or another threat, you can roll back to the previous version of your computer.

Keep your operating system and software such as browsers up to date and patched. Turn on automatic updates if they're available.

Think before you click on links or attachments. If you're not sure about them, get in touch with the person who sent them to double-check.
vitorio Posted July 8, 2016

Good sense using the internet is the key for me.
Sylence Posted July 8, 2016

We're getting closer to the Doomsday. I remember one of the signs was this: Antiviruses will become useless
shorty6100 Posted July 8, 2016

Not using antivirus is worse. Add common sense to your arsenal goes a long way.
steven36 Posted July 8, 2016

2 hours ago, saeed_dc said: We're getting closer to the Doomsday. I remember one of the signs was this: Antiviruses will become useless

My great grandma before she died at 90 some years old told me when she was a kid they told her the end of world was near when she was a child. The world existed 1000s of years without computers or electricity at all and we were really better off than we are now. People said Y2K was going to be doomsday the year 2000 and everyone went around and hoarded up food and wasted their money on something that never happened. Back after World War 2 people built bomb shelters and stored up food in fear of a nuclear attack and that never happened either.

Back in the early 2000s Antivirus was not very useful to begin with. It was not till they wrote many many signatures for years that they got computer viruses under control. Here is an article from 2004 talking about XP SP1:

Infected in 20 minutes
http://www.theregister.co.uk/2004/08/19/infected_in20_minutes/

After they got Virus under control Virus writers changed to writing Malware. We had to use programs like Lavasoft, Spybot and Spyware Doctor. It was not till long after programs like SAS and MAM came out that most Antivirus got Anti Malware signatures in the software. This was the reason I used Kaspersky 5 back in the day, it was like the only one that could prevent a lot of infections. Even if you did get infected it's not the end of the world, you can just reformat. That's why you should make backups of important stuff.
Cerberus Posted July 8, 2016

Yes sir, backup backup backup. I can't say it enough. lol
straycat19 Posted July 9, 2016

9 hours ago, shorty6100 said: Not using antivirus is worse. Add common sense to your arsenal goes a long way.

Common sense tells me I don't need software running on my computer that has been proven to NOT be effective in stopping the majority of malware. I haven't had any AV software on any of my computers for at least 7 years. None of my computers have ever been affected by malware, nor can they be. It simply cannot run on any of my systems. Am I sure of this? Absolutely. Before using the setup I currently use on all my computers I tested it and tried to intentionally infect it with over 175 different malware programs, rootkits, trojans, and have even tested it against ransomware. None of it will even run so it can't possibly make any changes to my system. But I still make full image backups of all my systems daily to my NAS and keep the last 6 for each system. A little redundancy doesn't hurt either.
shorty6100 Posted July 9, 2016

I also have images, as well. Macrium Reflect has been very useful for many years.
Holmes Posted July 9, 2016

Those malware programs must not be very good and again it's foolish to think that antiviruses are useless. Go ahead and say I'm drinking Microsoft coolaid, you seriously are old and need to come up with better material, I don't drink the Microsoft coolaid. I think you're smarter than we think you are, you're not nearly as smart as you think you are. I have a friend that specializes in making viruses and I guarantee you one of his viruses could destroy your systems. I love click bait articles, this one is same as them.
Alanon Posted July 9, 2016

If you're going with that logic, it would be like saying since there's no real defence from a speeding bus, there's no point in looking left and right before crossing the street. The fact that there is hyper efficient malware out there doesn't mean that you shouldn't defend against stuff that they are able to defend you from.
pc71520 Posted July 9, 2016

12 hours ago, shorty6100 said: Macrium Reflect has been very useful for many years.

Imaging has been the last line of defense against Malware.
aron94hun Posted July 9, 2016

I never used any antivirus software myself, and I didn't get viruses at all
Sylence Posted July 10, 2016

19 hours ago, Holmes said: Those malware programs must not be very good and again it's foolish to think that antiviruses are useless. Go ahead and say I'm drinking Microsoft coolaid, you seriously are old and need to come up with better material, I don't drink the Microsoft coolaid. I think you're smarter than we think you are, you're not nearly as smart as you think you are. I have a friend that specializes in making viruses and I guarantee you one of his viruses could destroy your systems. I love click bait articles, this one is same as them.

Lol
AlienForce1 Posted July 10, 2016

You have too much confidence that your PCs can't be infected with malware - in the last months I have seen quite a few companies with PCs (and their backup NAS also) infected with ransomware ...

PS: NAS uses a Linux based software, but that didn't count - their backup files were also crypted ...
AlienForce1 Posted July 10, 2016

Another thing to think about: major part of PC users don't have much (or any) knowledge of internet, security, vulnerabilities ... They just want to use the PC, looking for various things on internet, chatting on Facebook with friends, read e-mail ... and so on. So, for the most of the PC users an AV updated can be really useful and with bigger chances to protect them from common malware that they might encounter while surfing on internet.
CODYQX4 Posted July 10, 2016

.
steven36 Posted July 10, 2016

2 hours ago, CODYQX4 said: Besides, there are Linux specific ransomware programs out there anyway.

The people who are responsible for Linux ransomware don't know how to code on Linux so every time it was found it was easily decrypted. Ever since 2015 when it first came around. Also it only affects mostly Linux Server where a lot of people use that don't know nothing about Linux.

http://www.zdnet.com/article/how-to-fix-linux-encoder-ransomware/

Quote: A NAS unit is a computer connected to a network that provides only file-based data storage services to other devices on the network. Although it may technically be possible to run other software on a NAS unit, it is usually not designed to be a general-purpose server. For example, NAS units usually do not have a keyboard or display, and are controlled and configured over the network, often using a browser. A full-featured operating system is not needed on a NAS device, so often a stripped-down operating system is used. For example, FreeNAS or NAS4Free, both open source NAS solutions designed for commodity PC hardware, are implemented as a stripped-down version of FreeBSD. NAS systems contain one or more hard disk drives, often arranged into logical, redundant storage containers or RAID. NAS uses file-based protocols such as NFS (popular on UNIX systems), SMB/CIFS (Server Message Block/Common Internet File System) (used with MS Windows systems), AFP (used with Apple Macintosh computers), or NCP (used with OES and Novell NetWare). NAS units rarely limit clients to a single protocol.

https://en.wikipedia.org/wiki/Network-attached_storage

NAS is more like FreeBSD, is more like Mac OS X than Linux, it's UNIX. Mac OS X had an outbreak of ransomware in Transmission before even.

OS X and FreeBSD

Quote: The two operating systems do share a lot of code, for example most userland utilities and the C library on OS X are derived from FreeBSD versions.
Some of this code flow works in the other direction, for example FreeBSD 9.1 and later include a C++ stack and compiler that were originally developed for OS X, with major parts of the work done by Apple employees. Other parts are very different. The XNU kernel used on OS X includes a few subsystems from (older versions of) FreeBSD, but is mostly an independent implementation. The similarities in the userland, however, make it much easier to port OS X code to FreeBSD than any other system. For example, both libdispatch (Grand Central Dispatch in Apple's marketing) and libc++ were written for OS X and worked on FreeBSD before any other OS.

Quote: BSD can execute most Linux binaries, while Linux can not execute BSD binaries. Many BSD implementations can also execute binaries from other UNIX® like systems. As a result, BSD may present an easier migration route from other systems than Linux would.

So most likely any ransomware made for any Unix would run in NAS but would not even run in Linux unless it was really made for Linux.
Cerberus Posted July 10, 2016

Think the biggest threat nowadays is ransomware. I do not consider this type of attack even in the same ballpark as malware, spyware, etc. Periodic backup and reinstall, 20 mins later back up and running, so this is no big threat. BUT ransomware is scary. This happened to a friend of mine. He had a HP lappy with 8.1 on it and I guess from what M$ said HP used the same key too many times in the bios and some got locked out of the computer via M$ type ransomware. He had to buy another lappy, Dell this time, but surprised me that M$ is using a similar method in order to lock out ppl. This is ransomware no matter what M$ calls it. I have seen other types of ransomware where some was told to send money in order to unlock it. Even OEM's say to pay it if you want your computer back. Now this brings up another question in my head, what is to stop them from locking it again? lol I know I laughed while typing this but seriously, what's to stop them? Seems once infected it is h*ll to get rid of, if you can.
SnakeMasteR Posted July 10, 2016

You need to infect yourself again, if that happens, you've probably not learned from the last time. The question isn't what stops them from locking it again, you need to adapt, there is no magic involved, just be cautious and if you aren't sure, don't click it!
steven36 Posted July 10, 2016

1 hour ago, Cerberus said: Think the biggest threat nowadays is ransomware. I do not consider this type of attack even in the same ballpark as malware, spyware, etc. Periodic backup and reinstall, 20 mins later back up and running, so this is no big threat. BUT ransomware is scary. This happened to a friend of mine. He had a HP lappy with 8.1 on it and I guess from what M$ said HP used the same key too many times in the bios and some got locked out of the computer via M$ type ransomware. He had to buy another lappy, Dell this time, but surprised me that M$ is using a similar method in order to lock out ppl. This is ransomware no matter what M$ calls it. I have seen other types of ransomware where some was told to send money in order to unlock it. Even OEM's say to pay it if you want your computer back. Now this brings up another question in my head, what is to stop them from locking it again? lol I know I laughed while typing this but seriously, what's to stop them? Seems once infected it is h*ll to get rid of, if you can.

If I was to ever catch ransomware, which I never have, knock on wood, I'd just pull out my DVD and reformat. I back up what I want to keep once a day on an external HDD and unplug it. But it's not so easy for me if it happened on this system, I'd have to reinstall all 3 O/S because I'm triple booting O/S, if one would get zapped I redo all of them, so it would take me more like 60 min or longer. Sometimes I reinstall everything to change stuff around anyways for the fun of it if I get bored. But for someone that's not used to reformatting and stuff it would be scary lol.

I lost Windows 8.1 on this PC when my HDD went bad but lucky for me I had Windows 10 installed on it and has Digital entitlement, it reactivated fine after changing it out. I could always pirate Windows 8.1 with a Mac key if I had to lol. Which I didn't even bother to redo it to Windows 10 till a few weeks ago.
I just used Linux on this one, because I have other PCs with Windows, but I just decided to start using Windows and Linux both on it lol.
Cerberus Posted July 11, 2016

4 hours ago, n0_risk! said: You need to infect yourself again, if that happens, you've probably not learned from the last time. The question isn't what stops them from locking it again, you need to adapt, there is no magic involved, just be cautious and if you aren't sure, don't click it!

You need to re-read my post again. It wasn't me but friends which have no real tech background other than where is the any key. lol I hate to say that about them but it is true. lol I haven't had anything like that but I only go to a handful of sites that I trust so I am not really at risk. I don't even look at email if I don't know the person, delete without question. I am cautious, maybe a lil too much but that is ok. I always backup. In fact I am OCD about it. lol I keep nothing on my computers, nothing but the bare min.
Archived
This topic is now archived and is closed to further replies.