Anti-virus fallacies

Onward into the prehistoric past

Thursday, March 2, 2017

The truth is rarely pure and never simple.

Oscar Wilde

We've already discussed many IT myths, and so far we see no reason to stop. It’s always useful to explain why a certain point of view is wrong rather than simply claim that it’s false. Any reasonable statement should be supported by convincing arguments.

Firefox engineer and hacker Robert O'Callaghan has temporarily left Mozilla; freed of his corporate obligations, he can now speak his mind without reservation. He encourages users to immediately remove any third-party anti-virus from their computers (but to keep Windows Defender).

No supporting arguments about Windows Defender were provided, so it's not quite clear why it is better than the others, but we’ll let that rest.

But let's take a look at anti-virus testing results—the first link returned by the search engine.

While most solutions tested showed a detection rate ranging from 95%-100%, the Microsoft software blocked less than 75% of threats.

What does hacker Robert O'Callaghan suggest?

Keep the operating system up to date and install all the latest security patches.

A very reasonable and useful recommendation, especially because most users don't like to install updates. But for some reason he fails to mention that any system has unknown vulnerabilities—an endless stream of new security updates proves just that. If only criminals know about a vulnerability, who will prevent them from deploying a Trojan or a worm in a system?

The post also indicates that anti-virus software is prone to having vulnerabilities.

Indeed. But we do fix them!

And thanks to automatic updating, anti-viruses are in fact usually the first to get rid of their vulnerabilities—you can't say the same about any other applications.

> But many users neither update their anti-viruses nor install patches.

And this is the actual problem.

> An anti-virus is a tempting target for attacks.

And that's what firewalls are for. An anti-virus doesn't need to establish any outbound connections. It only sends update queries. And even if a vulnerability exists in a system, that system will still be more secure with an anti-virus than without one.

Most anti-virus vulnerabilities can only be exploited locally on a machine on which an anti-virus is running. But if a user gives administrative privileges to a new program he/she has just installed, why is it the anti-virus's fault?

An anti-virus is the single biggest obstacle in the way of developers who seek to design a completely secure browser.

On average, 29% of PC users and 6% of handheld owners ignore security warnings when downloading extensions.

Clearly, an anti-virus is a security loophole not only because of the new vulnerabilities it introduces into a system. It is a vulnerability by nature because many anti-viruses install their own root certificate without any warning and use the MitM principle to intercept HTTP traffic.

Yet most sites nowadays make use of encrypted traffic, and if they get compromised, the malware will be transmitted in an encrypted format too. How can an anti-virus scan traffic without decrypting it?

Developers commit a lot of time to bypassing anti-virus security measures.

So now browser developers are devising ways to circumvent security measures? How interesting!

Without a sandbox, what will you do when your favourite site is compromised, and whenever you visit it, a zero-day exploit pack is applied? A browser doesn't need your command to execute the code. Just recall the recent vulnerability that could be exploited using a specific image file.

And by the way:

  • In early 2017 Robert O'Callaghan gave browser developers flak because all of them (except for Mozilla) were putting their own business agendas first, without giving sufficient regard to web standards;
  • In 2014, he encouraged users to discard Chrome because doing otherwise may someday result in Google having a monopoly on the web;
  • In 2013, Chrome's then-new engine Blink came under fire;
  • In 2010 he and other Mozilla engineers got into a row with Microsoft because it claimed that IE was the only browser that fully supported hardware acceleration.

#anti-virus #myth

The Anti-virus Times recommends

What are all those people who are encouraging users to remove all that unnecessary software actually recommending? Perhaps, we should go back to the Stone Age and produce cave paintings by pounding away at rock walls with a chisel?
