Skip to content

OPLIN 4cast #499: Anti antivirus

Posted in 4cast

virus alertLicenses for antivirus software have been part of most libraries’ annual IT expenditures for decades now. The internet is a dangerous place, as we all know, so why would you not want to protect your public computers? All of a sudden, however, the value of antivirus software seems to be questioned from several different directions. Is it possible that antivirus software could actually make your computers more vulnerable in some cases? (If you are using antivirus software, make sure you keep applying all patches and upgrades as soon as possible.)

  • Intel thinks “Antivirus is s#!+” and dumps useless McAfee (KnowBe4 Cyberheist News | Stu Sjouwerman)  “Antivirus is getting increasingly useless these days. Ransomware attacks in many cases sail right through all the filters because they rely on social engineering the end-user and contain no malware in either the body or the attachment. The bad guys can easily find the email addresses of your users, called your ‘phishing attack surface’.”
  • How to compromise the enterprise endpoint (Google Project Zero blog | Tavis Ormandy)  “Today we’re publishing details of multiple critical vulnerabilities that we discovered, including many wormable remote code execution flaws. These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption. As Symantec use the same core engine across their entire product line, all Symantec and Norton branded antivirus products are affected by these vulnerabilities.”
  • Alert (TA16-187A): Symantec and Norton Security products contain critical vulnerabilities (United States Computer Emergerncy Readiness Team)  “The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.”
  • Antivirus software is ‘increasingly useless’ and may make your computer less safe (CBC News | Emily Chung)  “He [Concordia University professor Mohammad Mannan] doesn’t use antivirus protection on his primary machines and hasn’t for years, he said. ‘I don’t see any clear advantage of using them,’ he wrote in a followup email, noting that they can slow your machine down and introduce new vulnerabilities. Neither the vulnerabilities reported by Mannan nor the Symantec vulnerabilities are known to have been exploited, but that doesn’t mean they never have been.”

Articles from Ohio Web Library: