- Get link
- X
- Other Apps
The purpose of antivirus programs is to detect viruses or Trojans, to warn of the threat, and to eliminate them as soon as possible. But what happens if the antivirus program itself has loopholes? Employees of the security company Rack911 Labs have now found out. In their search, however, they did not come across an antivirus program with security holes, but rather a total of 28. The problems could also be found in a wide variety of operating systems, including Windows, macOS, and Linux.
Security vulnerabilities in antivirus programs
In the vast majority of cases, antivirus software works as follows: The antivirus program individually checks each file stored on your PC for threats. If the program detects a malware, this file is either blocked or even deleted directly. This process, which is the same for most anti-virus programs, was able to be exploited by the Rack911 Labs experts. They created a malicious file that 28 antivirus programs detected correctly. Before deleting the file, replace the malicious file with a redirect to important system files. Instead of checking again, the anti-virus programs deleted the PC's system files. This could potentially delete the antivirus program itself, the operating system, and many other important files on the computer.
These antivirus programs are affected by the vulnerability
The test series from Rack911 Labs started in 2018. In the first test the programs from Kaspersky, Microsoft, McAfee, Eset, F-secure, Sophos, Avira, Bitdefender, and Webroot were tested. After the security experts were able to uncover numerous loopholes, the test was quickly expanded.
At the end of the year, the team of security experts began reporting the vulnerabilities to the manufacturers and communicating significant security issues to them based on the audit. Almost all providers have complied with the suggestions and have now closed the security gap. The statement by Avast and AVG to “Swiss IT Media” was interesting. It was announced here that the vulnerability did not affect these two programs. According to the manufacturers, Avast and AVG File Shield should directly detect and block the attacks. Unfortunately, Rack911 has not yet published which manufacturers have closed the security gap and which are still vulnerable. Avira, F-Secure, and Kaspersky have commented themselves and report that they have now fixed the bug.
Tips on using antivirus software
While using an antivirus is often considered a nuisance due to the potential for slowing down system performance, it is essential. Windows users, in particular, should be concerned about an antivirus program, because Windows is currently the most widespread operating system and is, therefore, most frequently attacked worldwide, sometimes with commercial malware. As already described above, an antivirus program scans your files for malware at regular intervals. This is done using so-called “signatures” of known malware. Since this malicious software is constantly being updated, you must update your antivirus program at just as regular intervals. Many antivirus programs will inform you immediately when new updates are available. Alternatively, you can always look into the software settings and check for updates. A third option is to check the manufacturer's website for updates directly. Here, too, you should find what you are looking for from the common manufacturers.
Turn on automatic checking: Oftentimes, this function is already activated when you download your antivirus program. Nevertheless: Check whether your antivirus program regularly (ideally after every system start) starts checking for malware. Recurring scans are important to identify problems early and to protect you from further damage.
Can online virus scanners replace installed software?
Online virus scanners offer several advantages over traditional programs: No installation is necessary and updates are carried out directly by the provider.
Nevertheless, an online virus scanner can only be of additional help. It cannot be used for the constant background analysis of files, which is one of the most important tasks of antivirus programs. With an online scanner, you would have to manually scan all new files.
Use of antivirus programs with security holes
If you are using any of the antivirus programs identified by Rack911 Labs, you should do one thing above all else: install updates. If your provider has already solved the problems, you should of course use the latest version of the software so that your system is not vulnerable. Even if you are using one of the free antivirus programs that have not yet been improved, this is still better than not using any virus protection at all.
Comments
Post a Comment