This is a follow-up to my article, Virus False Positives: How Can You Be Sure?, published yesterday at https://goo.gl/ydVT0i. Today, CBC News published an article by Emily Chung that says that anti-virus software is essentially useless. In fact, that software may be making your computer more hackable than a computer with no anti-virus software installed at all!
This week, the U.S. Department of Homeland Security’s Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google’s Project Zero found critical vulnerabilities. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible,” wrote Google researcher Tavis Ormandy in a blog post.
Symantec said it had verified and addressed the issues in updates that users are advised to install. It’s not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan’s research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn’t do a very good job. “We were surprised at how bad they were,” he said in an interview. “Some of them, they did not even make it secure in any sense.”
NOTE: The article seems to apply only to systems running the Windows operating system.
You can read Emily Chung’s article at http://www.cbc.ca/news/technology/antivirus-software-1.3668746.
So what is the solution? Perhaps all of us should switch to Chromebooks, computers that have never been affected by a virus. In addition, the programmers of Chromebooks are confident that is a Chromebook virus ever appears (which is doubtful), they will be able to quickly issue a Chromebook operating system update that will neutralize the problem.
Another solution is to switch to computers that are resistant to viruses, although perhaps not perfect: Linux, UNIX, and Macintosh. These systems rarely get viruses and, when they do, the viruses historically have been very easy to delete.