How Good is Antivirus Software at Protecting Itself? (tomsguide.com)
An anonymous reader writes: Earlier this week, AV-TEST evaluated 19 security suites and found that only three of them seemed to be well protected from savvy potential hackers. First, some context about the tests: The first test measured how well each program uses address space layout randomization (ASLR) and data execution prevention (DEP). Briefly, ASLR randomizes a computer's memory allocation, making it harder for an attacker to target a particular process in a program; DEP is a Windows protocol that designates some memory as non-executable space (other operating systems do this under different names), making it harder (or impossible) for unauthorized programs to run in that space. The second test measured whether the AV programs digitally signed their software-update files. Signing is a way of determining a file's origin and authenticity; unsigned files could be more easily substituted with malicious ones. The final test was the simplest, and determined whether an AV manufacturer delivered its software updates via the encrypted HTTPS web protocol. Lack of encryption makes it easy for an attacker to stage a man-in-the-middle attack by intercepting the data transmission, altering the data and then sending the data back on its way. Of the 19 programs tested, only three succeeded on all counts: Bitdefender Internet Security 2017, ESET Internet Security 10 and Kaspersky Internet Security 17.0. It's difficult to rank the rest of the programs, as each one succeeded and failed to varying degrees.
Re: (Score:1)
Came here to say this same thing.
None of those things matter at all if you've already got a process running on the system and are looking for ways to shut down the AV.
Re: (Score:2)
Agree but...
>> once done there is no further benefit to https encryption
HTTPS will keep a client from pulling updates from the wrong server. If I had a client that installed ANY properly signed update, I might intercept HTTP requests to install signed patch 1.4.8 and return signed patch 1.1.1 (a downgrade to a version with a known vulnerability) instead of the requested file.
If your clients are smart enough to check the signature (including expected
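The downgrade case raised in the comment above, as an added example that is not part of the original thread or any vendor's updater: a client that accepts any validly signed file next to one that also checks the requested version and refuses rollbacks. The key, payloads and function names are constructed, and HMAC stands in for the vendor's public-key signature so the code runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed demo key; HMAC is a stand-in for a real public-key signature.
VENDOR_KEY = b"constructed-demo-key"


def sign_manifest(version, payload):
    """Vendor side: sign a manifest binding the version to the payload hash."""
    meta = {"version": version, "sha256": hashlib.sha256(payload).hexdigest()}
    manifest = json.dumps(meta, sort_keys=True).encode()
    return manifest, hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()


def verify_signed(manifest, sig, payload):
    """Return the manifest dict if signature and payload hash check out."""
    expected = hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    meta = json.loads(manifest)
    if meta["sha256"] != hashlib.sha256(payload).hexdigest():
        return None
    return meta


def naive_accept(manifest, sig, payload):
    """The client from the comment: installs ANY properly signed update."""
    return verify_signed(manifest, sig, payload) is not None


def as_tuple(version):
    return tuple(int(part) for part in version.split("."))


def strict_accept(manifest, sig, payload, installed, requested):
    """Signature check plus requested-version and anti-rollback checks."""
    meta = verify_signed(manifest, sig, payload)
    if meta is None:
        return "reject: bad signature or payload"
    if meta["version"] != requested:
        return "reject: not the requested version"
    if as_tuple(meta["version"]) <= as_tuple(installed):
        return "reject: downgrade or replay"
    return "accept"


# Constructed payloads using the version numbers from the comment.
OLD_BUILD, NEW_BUILD = b"old build with known flaw", b"current build"
OLD, NEW = sign_manifest("1.1.1", OLD_BUILD), sign_manifest("1.4.8", NEW_BUILD)
```

Because the version sits inside the signed manifest, the strict client rejects a substituted older patch even when the transport is plain HTTP.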
Nothing to worry about here (Score:1)
Virus called Microsoft (Score:1)
Except it doesn't protect you from Microsoft viruses
Re: (Score:1)
The one that supports viruses.
Re: (Score:2)
I tried installing Skype for Business but no matter what I try it won't run.
Re: (Score:2)
It does matter... if every Windows user switched to {pick an operating system} overnight, it wouldn't be long before it would be a cat-and-mouse game of who can find an exploit first: the people patching or the people writing malicious software. It doesn't matter how secure you think it is; when there is money to be made and the OS with the most installs has it, people will find a way. Android is quickly turning into Swiss cheese just like Windows.
Absolutely terrible. (Score:2)
That's (a small) part of why I don't employ them.
Next question?