Does Antivirus Software Make You More Vulnerable?

March 2, 2018

Antivirus software offers coverage from some of the main threats to systems and networks.  However, these platforms have been identified as having certain weaknesses due to the way they penetrate systems and the privileges they receive within these systems.  Experts agree that despite these risks, antivirus software is an important tool as one of the preliminary methods for identifying risks.  Combined with best practices, a reliable antivirus suite is one of the layers users should implement in order to protect themselves from viruses and malicious code.

Vulnerabilities uncovered in Popular Antivirus Software

Most people fall into one of two categories, those who install antivirus software and update it regularly, and those who know they should probably install an antivirus, and are secretly worried their lack of initiative will end up with a virus attack on their computer one day.  Sure enough, the global cybersecurity market is projected to reach $231.94 billion in 2022, growing at a compound annual growth rate (CAGR) of 11% from $137.85 billion in 2017, and fueled by increasing adoption due to the increase in security breaches, especially at the enterprise level, according to MarketsandMarkets.

However, what most people may not realize is that the very software protecting them from attacks may be leaving their computers and networks vulnerable to attack. In testing performed by enSilo in 2016, leading antivirus products, such as AVG, Kaspersky Lab, and Intel McAfee, as well as others, were found to be insecure, and were subsequently patched. Flaws in Avast, Comodo, Malwarebytes and Trend Micro, uncovered by a Google researcher, included insecure browser tools, password managers which put sensitive data at risk of exposure, and web browsers which were found vulnerable to attack.

How Does Antivirus Download and Installation Put your Computer at Risk?

Antivirus programs monitor all network ports and examine third-party software programs. They have high system privileges which enable them to alter processes within the system. This creates a larger “attack surface”, as the attacker can look for vulnerabilities not only in the computer system, but in the installed antivirus program as well. Once the attacker has bypassed the system or found such a vulnerability, they could affect the default configuration by taking advantage of the privileges the antivirus was given.

Antivirus software is designed to penetrate deep into operating systems and software, via “hooks” which are placed on various computer systems such as internet browsers, operating systems, and popular software. However, these hooks often remain accessible to external parties and can enable entry to the system by hackers, who can then infect the system.

Furthermore, antivirus programs are complex. This complexity leads to a higher likelihood of bugs, which are a point of vulnerability in these systems. The systems require intensive testing to identify the bugs, and not all antivirus developers perform this testing vigilantly. When antivirus programs are based on open code, they must be continually updated. If the provider does not keep its systems current with code updates, they may not protect at the level required of them.

Attackers have Learned to Bypass Antivirus Software

In addition to the above limitations of antivirus software, it is important to remember that there are a number of security risks that antivirus downloads cannot protect against. In fact, whereas in the past antivirus software protected against 80-90% of security threats, it currently protects against less than 10% of the threats to systems. Cybercriminals realize that many users have downloaded antivirus, and therefore search for a different source of entry into the system.

For instance, adware, which collects information on users for marketing purposes, is considered malicious spyware if it does not inform users of its existence. Adware is sometimes bundled within freeware programs, and when users skim through terms of service, they may unintentionally agree to its installation.

Users can also become susceptible to malware via phishing attacks.  Phishing attacks lure users onto dangerous websites which can launch unauthorized adware, or any of a host of malware programs which can compromise security, such as ransomware.  Ransomware launches a program which encrypts files and demands a ransom to restore access to these files. Phishing attacks put users at risk of having their login information as well as other sensitive data stolen, by convincing them to sign in to the attacker’s webpage.  Some of these websites run for mere days, and are therefore not covered by antivirus programs.

What are the Best Practices to Ensure Computer Security?

Experts agree that while antivirus programs have limitations, they are still considered an effective method for protecting systems from a number of potential threats. However, as cybercriminals evolve, antivirus downloads should be part of a multifaceted approach to cyber safety. Below is a list of best practices which, when used together, offer a high level of protection:

  1. Keep operating systems up to date – Windows and Apple update their systems with protections from threats, as these threats become known. Users who do not install system updates are leaving themselves wide open to newer threats. For example, the WannaCry ransomware attack in May 2017 did not attack machines which had installed the March software update, as it included protection against the attack. Older operating systems, such as Windows XP, and users who did not install the update were, however, vulnerable to attack.
  2. Install and update antivirus programs – antivirus programs are the first line of defense, and are considered an effective method to protect yourself from some of the online threats. Make sure to research the different options and choose a reliable provider.  Make sure to install updates which include patches when bugs are identified and coverage of new threats as they are uncovered. Antivirus systems should include system scan as well as real-time identification of threats.
  3. Install firewalls on router and devices – hardware or software based firewalls monitor traffic and block unauthorized traffic from entering a network. Some include antivirus and antispam functionality.
  4. Use dependable email providers – leading email providers, such as Google and Microsoft, detect phishing emails and filter them out, decreasing the chances of clicking on a dangerous link. These programs also scan files for viruses, serving as an additional layer of protection.
  5. Implement usernames and code safety measures – choose unique usernames and codes, which are difficult to guess. Be sure to sign up and log into the site you trust, so as to protect this sensitive data. Ensure the legitimacy of sites before giving this or other personal data. When possible, opt for an additional security key.
  6. Regularly back up your critical files – unfortunately, there is no way to completely protect yourself against all the potential threats. Do yourself a favor and regularly back up important files. In this manner, you will at least decrease the amount of damage malicious software can cause. Make sure to keep your backup unconnected to your network, to ensure its safety.
  7. Be smart – steer clear of sites that are known to be dangerous, such as porn sites, or free movie streaming sites. These sites use phishing techniques to get users to click on malware links. Never click on attachments or links which you are unsure of.

Choosing a Robust Antivirus Suite

Antivirus suites come with a host of different features, and offer different levels of reliability. Users should carefully research the options available and identify a reliable vendor who offers optimal coverage and functionality.

TotalAV, a fairly new player, offers a dependable computer scan system, with both quick and deep scan options.  The system includes a real-time scanner to protect against dangerous websites.  Its scan uses minimal CPU, so that the device’s performance is not affected.  Additional features which create a robust offering include a firewall, a tracker cookie hunter, a system boost feature, a disk cleanup feature, a password vault, a feature to easily stop running programs and an uninstallation engine.  Undeniably, however, TotalAV is unique in that it offers a VPN and adblocker as part of the functionality of the suite, enabling an even higher level of security to its user base.

Are Free Antivirus Programs Reliable?

Paid antivirus solutions are generally robust programs which include antispyware and firewall protection. The systems update regularly to offer optimal coverage, and users receive support and maintenance from the vendor.

Alternatively, there are a number of free antivirus programs available.  The free versions of these products generally offer only a basic level of protection, which detects only limited types of threats.  These programs generally scan slower, taking up precious time and resources.

Additional disadvantages to free antivirus programs:

  1. Frequent ads to upgrade to the subscription-based alternative
  2. They use ads to compensate for the freeware approach, so the user will likely be subject to multiple ads
  3. Lack of customer support

Antivirus is Part of the Solution, not the Last Line of Defense

Despite the fact that antivirus programs have been shown to increase the potential attack surface of a system, they are still considered one of the main methods to identify viruses and malware threats. It is crucial to keep antivirus software up to date, by installing updates and patches. It is also important to choose a robust and reliable antivirus suite which offers a high level of security as well as additional features for ensuring security. Finally, users must realize that their antivirus software is not the last line of defense, and that they must utilize best practices in order to protect themselves from phishing attacks.
