For years, any article about how to protect yourself from computer viruses and malware was usually tagged with “and keep your antivirus software up to date.”
That advice, however, appears to be under review, as several tech sources have started to question the software's effectiveness.
The latest concern comes from the Department of Homeland Security's Computer Emergency Readiness Team (CERT), which singled out the popular antivirus software packages from Symantec, most commonly marketed under the Norton brand.
“Symantec antivirus products use common unpackers to extract malware binaries when scanning a system,” the agency noted. “A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.”
Multiple critical vulnerabilities
Last month, Google's Project Zero also sounded the alarm over Symantec products. It published details of what it called “multiple critical vulnerabilities” in the company's endpoint protection products, including ways for an attacker to execute code remotely.
“These vulnerabilities are as bad as it gets,” the Google researchers warned. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
In statements to various media, Symantec has said that it addressed the issues raised by Project Zero in subsequent updates.
But it turns out that questions about the effectiveness of antivirus software aren't exactly news. Last year, a technology blog for government IT specialists warned that “simply installing antivirus technology does not protect today’s endpoints.”
It cited a Lastline Labs study the previous year on the effectiveness of antivirus scanners, noting that much of the newly introduced malware slipped by nearly half of the antivirus vendors.
The study said that two months in, one third of the antivirus scanners still failed to find many of the malware samples. In fact, the malware that experts conceded is the least likely to be detected proved the point, with a majority of the antivirus scanners failing to find it. Some eventually found it, but it took a while.
Waste of money?
So at $30 to $50 a year, is antivirus software a waste of money? Wired posed that question as early as 2012, when it discovered that many of the world's top IT security experts personally do not use an antivirus product.
At the time, Wired concluded the software is probably not a waste of money, especially for businesses that employ multiple users who might do stupid things.
But the report noted that malware creators test their products against the latest antivirus software, so the most effective defense for most consumers is to be cautious about the websites they visit and to not open questionable attachments.